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Mr.  Glenn,  from  the  Committee  on  Governmental  Affairs, 
submitted  the  following 


REPORT 

[To  accompany  S.  496] 

The  Committee  on  Governmental  Affairs,  to  which  was  referred 
the  bill  (S.  496)  to  amend  title  5  of  the  United  States  Code,  to 
ensure  privacy,  integrity,  and  verification  of  data  for  computer 
matching,  to  establish  Data  Integrity  Boards  within  Federal  agen- 
cies, and  for  other  purposes,  having  considered  the  same,  reports 
favorably  thereon  with  an  amendment  and  recommends  that  the 
bill  as  amended  do  pass. 
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I.  Purpose  and  History  of  S.  496 

The  purpose  of  S.  496,  the  Computer  Matching  and  Privacy  Pro- 
tection Act  of  1987,  is  to  improve  the  oversight  and  procedures  gov- 
erning the  disclosures  of  personal  information  in  computer  match- 
ing programs  and  to  protect  the  privacy  and  due  process  rights  of 
individuals  whose  records  are  exchanged  in  such  matching  pro- 
grams. 

S.  496  was  reported  unanimously  by  the  Committee  on  Govern- 
mental Affairs  on  May  20,  1987,  and  was  passed  by  the  Senate  on 
May  21,  1987.  The  House  of  Representatives  passed  S.  496  on 
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August  1,  1988,  substituting  the  text  of  H.R.  4699,  a  companion  bill 
to  S.  496,  in  lieu  of  the  Senate  language.  The  House  amendment 
includes  many  of  the  same  provisions  of  the  Senate-passed  version. 
This  report  discusses  the  provisions  of  S.  496,  as  passed  by  the 
Senate,  and  notes  changes  made  to  S.  496  by  the  House  amend- 
ment. 

II.  Background:  Definition  and  History  of  Computer  Matching 

Computer  matching  is  the  computer-assisted  comparison  of  two 
or  more  automated  lists  or  files  to  identify  inconsistencies  or  irreg- 
ularities among  the  lists  or  files.  For  example,  the  Department  of 
Education's  list  of  delinquent  student  loans  could  be  cross-checked 
with  lists  of  federal  employees  to  determine  whether  any  student 
loan  defaulters  work  for  the  federal  government.  Comparisons  can 
involve  the  matching  of  names,  Social  Security  numbers,  addresses, 
government  contract  numbers,  or  other  personal  identifiers.  Most 
computer  matching  is  performed  to  detect  fraud,  error,  or  abuse  in 
government  programs  or  to  determine  whether  a  specific  applicant 
or  recipient  of  benefits  under  a  government  program  truly  qualifies 
for  benefits. 

The  first  major  computer  matching  program  conducted  by  the 
federal  government  dates  back  to  1977,  when  the  U.S.  Department 
of  Health,  Education,  and  Welfare  used  this  computer  technique  to 
detect  overpayments  in  its  Aid  to  Families  with  Dependent  Chil- 
dren (AFDC)  program.  This  effort  entitled  "Project  Match,"  com- 
pared the  records  of  approximately  78  percent  of  all  recipients  of 
AFDC  with  the  payroll  records  of  about  three  million  federal  em- 
ployees, in  order  to  detect  those  who  might  be  illegally  drawing 
welfare  payments.  A  pilot  match  conducted  in  the  District  of  Co- 
lumbia identified  over  $330,000  in  possibly  incorrect  payments 
being  made  to  individuals.  Prior  to  this  project,  only  a  small 
number  of  small-scale  computer  matches  had  been  conducted  by 
the  federal  government. 

Subsequent  to  Project  Match,  Inspectors  General  in  various  agen- 
cies adopted  computer  matching  as  an  audit  tool  to  detect  fraud 
error,  or  abuse  in  federal  benefit  programs.  The  Inspector  General 
at  the  Department  of  Agriculture,  for  example,  conducted  several 
computer  matches  of  Food  Stamp  records  with  other  welfare  bene- 
fit programs  in  selected  states  to  determine  whether  ineligible  indi- 
viduals were  receiving  food  stamps.  In  1978,  this  same  office  within 
the  Department  of  Agriculture  matched  emergency  loans  of  the 
Farmers'  Home  Administration  with  disaster  loan  records  of  the 
Small  Business  Administration,  finding  excess  loans  amounting  to 
$2,300,000.  The  Inspector  General  reported  that  by  the  end  of  1981, 
over  $1.25  million  in  such  excess  loan  amounts  had  been  recovered, 
with  the  actual  match  costing  the  IG's  office  $50,000  to  conduct. 

In  1979,  faced  with  the  growing  use  of  computer  matching  to 
detect  fraud,  error  or  abuse  in  government  programs,  the  Office  of 
Management  and  Budget  (OMB)  issued  ' 'Guidelines  on  the  Conduct 
of  Computer  Matching  Programs".  The  stated  purpose  of  these 
guidelines  was  to  aid  agencies  conducting  computer  matching  pro- 
grams in  "balancing  the  government's  need  to  maintain  the  integ- 
rity of  Federal  programs  with  the  individual's  right  to  personal  pri- 
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vacy."  The  guidelines  included  analyses  that  should  be  made  by 
agencies  in  deciding  whether  to  conduct  a  matching  program,  as 
well  as  reporting  and  publication  provisions. 

In  addition  to  the  growing  use  of  computer  matches  by  agencies 
as  an  administrative  tool  for  auditing  programs,  the  Congress  had 
also,  by  the  late  1970,  mandated  the  use  of  matching  in  certain  gov- 
ernment benefit  programs  to  check  the  eligibility  of  persons  par- 
ticipating in  these  programs.  Public  Law  95-216,  for  example,  re- 
quires state  welfare  agencies  to  use  wage  information  contained  in 
State  Employment  Security  Agency  files  or  in  Social  Security  files 
to  determine  AFDC  eligibility  and  payment  amounts.  Legislation 
passed  by  the  Congress  in  1981  also  mandated  wage  matching  for 
the  Food  Stamp  program. 

In  1981,  the  President's  Council  on  Integrity  and  Efficiency 
[PCIE],  comprised  of  the  Inspectors  General  and  chaired  by  the 
Deputy  Director  of  OMB,  formed  the  Long-Term  Computer  Match- 
ing Project  to  promote  the  use  of  computer  matching  by  federal 
and  state  agencies.  This  project  sought  to  gather  information  about 
federal  and  state  matching  activities,  identify  and  remove  technical 
and  administrative  obstacles  to  computer  matching,  and  foster  fed- 
eral and  state  cooperation  in  exchanging  records  for  computer 
matching  purposes.  One  of  the  earliest  tasks  completed  by  the 
project  was  the  revision  of  the  OMB  guidelines  governing  computer 
matching  programs  in  order  to  streamline  the  administrative  re- 
quirements for  conducting  computer  matching  programs.  Through 
the  PCIE,  the  Reagan  Administration  has  endorsed  computer 
matching  as  a  useful  tool  to  combat  fraud  and  to  increase  govern- 
ment efficiency. 

III.  The  Senate  Oversight  of  Government  Management 
Subcommittee's  Investigation  of  Computer  Matching 

The  promotion  of  computer  matching  by  the  PCIE  to  detect 
fraud  and  abuse  and  the  increasing  statutory  requirements  to 
match  records  from  different  programs  to  check  eligibility  for  gov- 
ernment benefits  spurred  the  Senate  Subcommittee  on  Oversight  of 
Government  Management,  under  the  chairmanship  of  Senator  Wil- 
liam S.  Cohen,  to  investigate  this  auditing  technique  to  determine 
its  ramifications  for  both  the  government  and  private  citizens.  The 
Subcommittee  was  particularly  interested  in  charges  made  by  pri- 
vacy and  public  interest  groups  that  computer  matching  could  ad- 
versely affect  the  privacy  and  due  process  rights  of  individuals. 
Since  1981,  the  Subcommittee  has  held  two  sets  of  oversight  hear- 
ings on  computer  matching  programs:  The  first,  in  December  1982, 
focused  on  the  oversight  of  computer  matching  programs  to  detect 
fraud  and  mismanagement  in  government  programs;  the  second,  on 
June  6,  1984,  focused  on  the  use  of  tax  records  in  computer  match- 
ing programs.  At  these  hearings,  the  Subcommittee  heard  and  re- 
ceived testimony  from  several  witnesses  representing  both  the  fed- 
eral government  and  state  government  agencies,  on  the  use  of 
matching  programs  to  detect  fraud,  error,  or  overpayments,  as  well 
as  from  privacy  experts  and  the  General  Accounting  Office.  During 
its  investigation,  the  Subcommittee  also  closely  monitored  statuto- 
ry and  administrative  developments  relating  to  computer  matching 
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programs  at  both  federal  and  state  levels  of  government.  As  a 
result  of  these  hearings,  Senators  Cohen  and  Carl  Levin  introduced 
S.  2756,  the  Computer  Matching  and  Privacy  Protection  Act  of 
1986,  on  August  14,  1986.  A  revised  version  of  this  bill,  S.  496,  the 
Computer  Matching  and  Privacy  Protection  Act  of  1987,  was  intro- 
duced by  Senators  Cohen  and  Levin  on  February  5,  1987. 

A.  CURRENT  SCOPE  OF  COMPUTER  MATCHING 

There  has  been  a  dramatic  increase  in  the  use  of  computer 
matching  programs  since  1980  by  both  federal  and  state  govern- 
ment agencies.  Although  the  precise  number  of  matches  that  have 
been  conducted  during  this  period  is  difficult  to  quantify  due  to  the 
lack  of  a  comprehensive  reporting  mechanism,  the  Office  of  Tech- 
nology Assessment  testified  that  the  number  of  computer  matches 
nearly  tripled  between  1980  and  1984.  The  number  of  records  on 
individual  citizens  exchanged  in  these  matching  programs  is  stag- 
gering. An  OTA  survey,  conducted  in  1986,  for  example,  found  that 
7  billion  records  were  exchanged  in  only  20  percent  of  all  computer 
matching  programs  reported  at  the  federal  level  between  1980  and 
1985. 

The  increase  in  the  number  of  computer  matching  programs  has 
been  facilitated  by  several  statutory  provisions  that  require  agen- 
cies to  exchange  personal  information,  most  often  in  the  form  of 
computer  matching  programs.  The  Debt  Collection  Act  of  1982,  for 
example,  establishes  a  data-sharing  system  between  federal  agen- 
cies and  private  credit  reporting  agencies  in  order  to  increase  the 
collection  of  delinquent  non-tax  debts,  through  such  mechanisms  as 
offsetting  the  salaries  of  federal  employees  to  satisfy  debts  owed  to 
the  government,  screening  credit  applicants  against  the  IRS  files  to 
check  for  tax  delinquencies,  and  referring  delinquent  non-tax  debts 
to  credit  bureaus  to  affect  credit  ratings.  Other  statutes  authorize 
specific  computer  matches,  such  as  the  Department  of  Defense  Au- 
thorization Act  of  1982,  which  requires  the  Secretary  of  Education 
to  prescribe  methods  for  verifying  that  individuals  receiving 
grants,  loans,  or  work  assistance  under  Title  IV  of  the  Higher  Edu- 
cation Act  of  1965  have  complied  with  military  registration  re- 
quirements. 

The  most  extensive  computer  matching  program  specifically  au- 
thorized by  Congress  to  date  is  the  "IEVS"  system  (Income  Eligibil- 
ity Verification  System),  mandated  by  the  Deficit  Reduction  Act  of 
1984  (DEFRA).  Under  this  system,  the  Social  Security  Administra- 
tion's Supplemental  Security  Income  (SSI)  program  and  state  agen- 
cies administering  the  AFDC,  Food  Stamp,  Medicaid,  federal  unem- 
ployment compensation  programs,  and  Social  Security  adult  assist- 
ance programs  must  request  and  use  unearned  income  data  from 
the  Internal  Revenue  Service  to  determine  the  eligibility  of  appli- 
cants to  and  recipients  of  these  assistance  programs.  DEFRA  also 
strengthened  the  authority  of  the  AFDC  and  Food  Stamp  programs 
to  use  wage  data  from  the  Social  Security  Administration  and  from 
state  employment  agencies  for  eligibility  verification  purposes.  In  a 
typical  IEVS  match,  each  state  agency  administering  these  benefit 
programs  will  send  their  computer  tapes  of  applicants  or  recipients 
to  IRS  or  SSA,  which  will  in  turn  match  the  tapes  of  applicants 
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and  recipients  with  their  own  files  and  provide  the  states  with  un- 
earned income  (i.e.,  interest  and  dividend  earnings)  and  wage  data 
on  the  names  submitted  by  the  states.  The  states  use  this  informa- 
tion to  determine  whether  applicants  or  recipients  have  unreported 
assets  or  income  earned  in  excess  of  the  amounts  allowed  under 
the  Food  Stamp,  AFDC,  and  other  federal  benefit  programs.  In  the 
aggregate,  the  matches  of  applicants  in  these  programs  with  IRS 
records  would  result  in  approximately  250,000  records  on  public  as- 
sistance being  matched  against  a  file  containing  unearned  income 
data  on  nearly  180  million  persons. 

B.  BENEFITS  OF  COMPUTER  MATCHING  PROGRAMS 

Computer  matching  programs  can  be,  if  conducted  properly,  a 
useful  tool  to  ensure  the  integrity  and  efficiency  of  government 
programs.  The  Office  of  Management  and  Budget  and  the  Presi- 
dent's Council  on  Integrity  and  Efficiency  have  attributed  substan- 
tial savings  and  recoveries  of  overpayments  in  federal  benefit  pro- 
grams to  the  use  of  comptuer  matching.  Savings  can  be  realized 
from  matching  records  of  recipients  in  federal  benefit  programs 
with  the  files  of  other  agencies  or  programs  to  verify  the  eligibility 
of  individuals  currently  receiving  benefits.  In  July  1985,  for  exam- 
ple, the  records  of  four  million  Supplemental  Security  Income  re- 
cipients were  matched  with  the  unearned  income  files  of  the  Inter- 
nal Revenue  Service.  This  match  identified  $117.5  million  in  over- 
payments for  which  recovery  action  was  instituted.  The  Social  Se- 
curity Administration  reported  that  the  total  cost  of  conducting 
this  match,  including  the  cost  of  follow-up,  was  $6.4  million.  Simi- 
larly, in  October  1985,  the  State  of  Missouri  matched  SSI  data  files 
with  Medicaid  files  to  identify  individuals  who  were  residing  in 
Medicaid-reimbursed  facilities  but  receiving  full  SSI  payments. 
This  match  identified  over  $44,000  in  overpayments  while  costing 
only  $10,000  to  conduct  the  match. 

Significant  savings  have  also  been  attributed  to  computer  match- 
ing performed  for  the  purpose  of  debt  collection.  The  Department 
of  Education,  for  example,  reported  that  a  computer  match  of  de- 
linquent student  loan  debtors  against  federal  employee  active  and 
retired  rolls  conducted  in  1982  recovered  $3.4  million  in  delinquent 
loan  payments.  The  Congress  has,  through  the  enactment  of  the 
Debt  Collection  Act  of  1982,  recognized  that  the  cross-checking  of 
lists  of  applicants  for  and  recipients  of  loan  assistance  with  Inter- 
nal Revenue  Service  delinquent  tax  files  and  the  matching  of  feder- 
al employees'  Social  Security  numbers  with  the  delinquent  debt 
files  of  other  federal  credit  agencies  can  result  in  savings  to  the 
federal  government. 

Deterrence  and  management  improvement  are  other  means  by 
which  computer  matching  can  achieve  potential  savings  for  the  fed- 
eral government.  While  difficult  to  quantity,  some  Inspectors  Gen- 
eral have  noted  that  computer  matching,  when  announced  to  the 
public,  has  acted  as  a  deterrent  against  future  fraud.  Inspector 
General  of  the  Department  of  Health  and  Human  Services  (HHS), 
Richard  P.  Kusserow,  testified  before  the  Oversight  Subcommittee 
that: 
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There  is  also  considerable  evidence  that  cleaning  up  a 
data  base  and  front-end  matching  have  a  deterrent  effect. 
For  example,  a  number  of  individuals  in  one  state  asked 
that  their  names  be  removed  from  Food  Stamp  rolls  fol- 
lowing a  public  report  of  a  match  of  public  assistance  with 
state  employment  and  other  records  .  .  .  This  phenomenon 
of  voluntary  withdrawal  from  the  program  when  a  tech- 
nique is  announced  is  more  the  rule  than  the  exception. 

Similarly,  computer  matches  can  result  in  management  improve- 
ment in  federal  benefit  programs.  The  results  of  a  match  could,  for 
example,  be  used  to  identify  information  that  should  be  asked  of 
applicants  for  benefit  programs  that  would  prevent  the  enrollment 
of  those  who  do  not  qualify  for  program  participation,  or  could 
identify  poor  data  that  exists  in  certain  systems  of  records  used  in 
matching,  such  as  erroneous  Social  Security  numbers.  Such  im- 
provements in  the  internal  or  management  controls  of  government 
programs  could  result  in  significant  savings  to  the  government 
over  long  periods  of  time. 

C.  CONCERNS  RAISED  BY  COMPUTER  MATCHING 

While  computer  matching  can  be  a  useful  administrative  tool  for 
federal  and  state  government  agencies,  the  current  use  of  this  tech- 
nique raises  substantial  policy  concerns.  Several  Congressional  re- 
views of  computer  matching  programs,  including  those  conducted 
by  the  Senate  Subcommittee  on  Oversight  of  Government  Manage- 
ment, the  House  Committee  on  Government  Operations,  the  Office 
of  Technology  Assessment,  and  the  General  Accounting  Office,  as 
well  as  private  sector  assessments  of  the  use  of  computer  matching 
made  by  the  American  Bar  Association  and  the  American  Civil 
Liberties  Union,  have  concluded  that  the  exchange  and  use  of  per- 
sonal information  in  computer  matching  programs,  unless  ade- 
quately overseen  and  administratively  controlled,  can  pose  signifi- 
cant risks  to  the  due  process  and  privacy  rights  of  individuals. 
These  reports  further  conclude  that  the  current  oversight  of  com- 
puter matching  programs  conducted  within  the  Executive  Branch 
is  inadequate,  and  that  the  extent  of  computer  matching  programs, 
while  undoubtedly  increasing,  is  unknown. 

1.  Privacy  and  Due  Process  Concerns 

Although  the  Privacy  Act  of  1974  (5  U.S.C.  sec.  552a)  preceded 
the  development  and  use  of  computer  matching,  in  passing  the  law 
the  Congress  expressed  concern  that  "the  increasing  use  of  comput- 
ers and  sophisticated  information  technology,  while  essential  to  the 
efficient  operations  of  the  Government,  has  greatly  magnified  the 
harm  to  individual  privacy  that  can  occur  from  any  collection, 
maintenance,  use,  or  dissemination  of  personal  information."  The 
Act,  therefore,  makes  any  system  of  records  from  which  informa- 
tion is  retrieved  using  personal  identifiers  (such  as  name,  Social  Se- 
curity number,  or  claim  number)  subject  to  its  provisions. 

Over  the  years,  such  systems  have  been  subject  to  implementing 
guidelines  and  instructions  pertaining  to  the  Act.  For  example,  the 
Office  of  Management  and  Budget  has  issued  guidance  to  agencies 
on  how  to  relate  the  procedural  requirements  of  the  Privacy  Act  of 
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1974  to  the  use  of  computerized  matching  programs.  Despite  the  ex- 
istence of  this  guidance,  however,  concerns  still  exist  that  computer 
matching  may  be  conducted  in  a  manner  that  is  intrusive  to  the 
personal  privacy  of  individuals  whose  records  are  matched.  Privacy 
advocates  have  expressed  concerns,  for  example,  that  some  match- 
ing programs  may,  if  unchecked,  constitute  broad  "fishing  expedi- 
tions" potentially  in  violation  of  the  Fourth  Amendment  right 
against  unreasonable  searches  and  seizures. 

Testimony  before  the  Senate  Oversight  Subcommittee  indicated 
that  the  Privacy  Act  has,  in  practice,  done  little  to  restrict  disclo- 
sures for  computer  matching  programs.  The  Office  of  Technology 
Assessment  has  concluded,  for  example,  that  "the  Privacy  Act  as 
interpreted  by  the  courts  and  OMB  guidelines  offer  little  protection 
to  individuals  who  are  the  subjects  of  computer  matching." 

Studies  of  computer  matching  programs  have  also  concluded  that 
the  use  of  information  from  computer  matching  programs  to  deny, 
suspend,  or  reduce  federal  benefits,  or  take  other  adverse  actions 
against  individuals  should  incorporate  due  process  protections.  The 
need  for  due  process  procedures  in  matching  programs  is  illustrat- 
ed vividly  by  a  computer  matching  program  that  was  conducted  by 
the  State  of  Massachusetts  in  1982.  In  that  program,  lists  of  wel- 
fare recipients  were  matched  against  bank  records  in  order  to  iden- 
tify individuals  who  had  assets  in  excess  of  the  amounts  allowed  by 
law.  Over  1600  welfare  recipients  were  identified  as  having  excess 
assets  and  were  immediately  sent  termination  notices  without  any 
action  being  taken  by  the  Massachusetts  Welfare  Department  to 
verify  the  accuracy  of  the  information  used  in  or  produced  by  the 
match,  or  to  obtain  explanations  on  whether  the  assets  found  in 
the  bank  accounts  were  allowed  under  existing  regulations. 

The  failure  to  verify  the  accuracy  of  the  "hits"  produced  by  the 
matching  program  resulted  in  a  significantly  high  rate  of  appeals 
and  reversals  of  the  terminations  in  the  Massachusetts  bank  match 
case.  The  appeals  rate  was  six  times  higher  than  the  usual  rate  of 
appeals  for  terminations.  Of  those  that  appealed,  half  of  the  errors 
involved  mistakes  in  the  Social  Security  numbers  used.  In  these 
cases,  the  recipient  did  not  really  have  the  assets  that  were  indicat- 
ed by  the  matching  program.  Some  of  the  terminations  were  re- 
versed on  appeal  because  the  assets  identified  by  the  matching  pro- 
gram were  funds  held  in  trusts  for  others,  funds  held  in  joint  ac- 
counts, or  funds  for  burial  expenses,  none  of  which  would  have  ren- 
dered an  individual  ineligible  for  welfare  benefits. 

Since  that  experience,  the  Massachusetts  Department  of  Public 
Welfare  has  verified  its  "raw  hits"  prior  to  taking  action  on 
matches.  In  1983,  such  verification  refined  the  6,482  "raw  hits"  re- 
vealed in  a  bank  matching  program  to  1,328.  Further  fact-finding 
conferences  reduced  this  number  to  493  cases,  which  were  sent  ter- 
mination notices.  Of  the  493  families  sent  notices,  384  cases  were 
found  to  have  assets  in  excess  of  allowable  amounts  under  the  wel- 
fare programs.  The  final  number  of  verified  cases  of  ineligible  per- 
sons is  only  six  per  cent  of  the  original  hits  identified  in  the  match. 

While  the  Committee  recognizes  that  verification  practices  of  fed- 
eral agencies  conducting  matching  programs  have  generally  im- 
proved since  the  1982  Massachusetts  bank  match  experience,  that 
case  clearly  illustrates  the  consequences  of  taking  steps  to  reduce 
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or  deny  benefits  on  the  basis  of  faulty  data.  Due  process  requires 
that  individuals  should  not  be  subject  to  adverse  actions  solely  on 
the  basis  of  data  that  has  been  inadequately  verified  for  accuracy. 
Instead,  government  agencies  conducting  computer  matches  should 
be  required  to  take  steps  to  verify  the  accuracy,  timeliness,  and 
completeness  of  data  that  is  used  as  the  basis  for  adverse  action 
against  individuals.  Moreover,  due  process  requires  that  individuals 
receive  adequate  notice  of  any  proposed  action  to  be  taken  by  the 
government  and  be  provided  an  opportunity  to  contest  the  accura- 
cy of  the  information  which  underlies  the  government  action. 

There  is  broad  consensus  that  basic  due  process  protections 
should  be  provided  for  individuals  who  are  the  subjects  of  computer 
matching  programs.  Congress  has  begun  to  incorporate  procedural 
safeguards  for  individuals  in  matches  that  it  has  mandated  by  law. 
The  Deficit  Reduction  Act  of  1984,  for  example,  requires  agencies 
to  independently  verify  the  information  derived  from  computer 
matches,  as  well  as  provide  notice  and  an  opportunity  for  individ- 
uals to  contest  information  before  reducing,  suspending,  or  denying 
federal  benefits  based  on  the  results  of  the  computer  matching  pro- 
grams required  by  that  law.  The  President's  Council  on  Integrity 
and  Efficiency  has  also  recognized  the  need  for  due  process  protec- 
tions in  computer  matching  programs.  The  current  Chairman  of 
the  PCIE,  Deputy  Director  of  OMB  Joseph  R.  Wright,  Jr.,  testified 
before  a  House  Government  Operations  Subcommittee  that  the  ver- 
ification and  notice  provisions  required  by  S.  496: 

provide  an  adequate  measure  of  privacy  and  due  process 
protection  to  individuals  subject  to  eligibility  tests  through 
matching  programs  and  front-end  eligibility  verification 
programs.  Because  of  the  errors  that  may  be  part  of  any 
matching  program  and  the  harm  that  the  use  of  unverified 
information  may  cause,  we  feel  strongly  that  these  steps 
must  be  taken  to  protect  individual  privacy. 

While  Congress  has  required  such  notice  and  verification  require- 
ments in  some  computer  matches  mandated  by  law,  many  com- 
puter matches  involving  the  records  of  individuals  are  conducted 
under  other,  more  general  statutory  authorities.  In  such  cases,  a 
danger  exists  that  individuals  whose  records  are  matched  may 
have  their  federal  benefits  denied,  suspended,  or  reduced,  or  have 
other  adverse  action  taken  against  them,  solely  on  the  basis  of  out- 
of-date  or  faulty  information,  and  have  no  opportunity  to  contest 
the  accuracy  of  such  information. 

2.  Need  for  Administrative  Controls  on  Computer  Matching 

Studies  and  congressional  hearings  on  computer  matching  also 
indicate  that  there  are  inadequate  administrative  controls  in  place 
to  oversee  the  current  use  of  computer  matching  programs  involv- 
ing records  that  are  subject  to  the  Privacy  Act.  Although  the  Office 
of  Management  and  Budget  has  issued  guidelines  advising  agencies 
conducting  matches  to  enter  into  agreements  governing  the  use  of 
the  records  exchanged  in  the  matching  programs  and  requiring 
such  agencies  to  file  matching  reports  describing  the  matching  pro- 
grams with  OMB,  these  guidelines  are  not  binding  on  agencies. 
Testimony  before  subcommittees  of  both  the  Senate  Governmental 
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Affairs  Committee  and  the  House  Government  Operations  Commit- 
tee indicate  that  OMB  has  not  enforced  its  matching  guidelines, 
which  require  a  brief  description  of  the  match  and  publication  of 
the  description  of  the  match  in  the  Federal  Register  "as  close  to 
the  initiation  of  the  matching  program  as  possible".  Testimony  also 
disclosed  that  OMB  does  not  routinely  monitor  the  agencies'  com- 
pliance with  its  guidelines.  Both  the  General  Accounting  Office  and 
the  Office  of  Technology  Assessment  have  concluded  that  there  is 
little  oversight  of  controls  on  how  computer  matching  is  conducted, 
and  that  no  specific  written  criteria  exist  for  determining  whether 
a  proposed  match  should  be  implemented. 

The  lack  of  administrative  controls  on  matching  has  also  result- 
ed in  a  dearth  of  information  on  the  precise  extent  of  computer 
matching,  and  how  many  records  of  individuals  are  being  ex- 
changed in  such  programs.  While  the  OTA  has  estimated  that  the 
number  of  computer  matches  has  tripled  from  1980  to  1984,  the 
lack  of  accountability  governing  matching  programs  prevents 
agency  decision-makers,  OMB,  Congress,  and,  indeed,  those  individ- 
uals whose  records  are  being  matched,  from  knowing  how  much 
matching  actually  occurs. 

IV.  Provisions  of  S.  496 

The  provisions  of  S.  496  are  intended  to  address  the  privacy,  due 
process,  and  administrative  oversight  concerns  raised  by  the  cur- 
rent state  of  computer  matching.  The  bill  contains  three  main  ele- 
ments: 

(1)  It  requires  that  agencies  participating  in  "computer 
matching  programs"  (a  term  defined  by  the  bill)  enter  into 
written  matching  agreements  outlining  the  terms  of  disclosure 
and  use  of  information  employed  and  produced  by  the  match- 
ing program.  No  disclosure  of  information  may  be  made  for 
computer  matching  purposes  unless  a  matching  agreement  has 
been  approved. 

(2)  It  requires  the  establishment  of  a  Data  Integrity  Board 
within  each  agency  that  conducts  or  participates  in  a  matching 
program.  The  function  of  the  Data  Integrity  Board  is  to  over- 
see and  coordinate  the  implementation  of  this  Act  by  review- 
ing and  approving  matching  agreements  and  by  reviewing  the 
matches  in  which  its  agency  has  participated  in  the  past  year 
to  determine  compliance  with  applicable  laws,  regulations, 
guidelines,  and  agency  agreements,  and  to  assess  the  cost  and 
benefits  of  such  programs. 

(3)  It  requires  the  establishment  of  procedural  safeguards  for 
individuals  whose  records  are  matched  in  programs  covered  by 
the  Act,  including  requirements  for  the  independent  verifica- 
tion of  information  yielded  by  computer  matches,  and  notice  to 
and  opportunity  for  individuals  to  contest  the  findings  of  com- 
puter matching  programs  prior  to  adverse  actions  being  taken 
against  such  individuals. 

1.  Computer  Matching  Covered  By  the  Act 

Section  5  of  the  bill  defines  the  computer  matching  programs 
that  are  covered  by  this  Act.  In  order  to  be  subject  to  the  bill's  pro- 
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visions,  the  matching  program  must  meet  three  criteria.  First,  at 
least  one  set  of  the  records  involved  in  the  matching  program  must 
be  a  system  of  records  as  defined  by  and  subject  to  the  Privacy  Act. 
Under  the  Privacy  Act  of  1974,  a  "system  of  records"  is  defined  as 
"a  group  of  records  under  the  control  of  any  agency  from  which  in- 
formation is  retrieved  by  the  name  of  the  individual  or  by  some 
identifying  number,  symbol,  or  other  identifying  particular  as- 
signed to  the  individual.' ' 

Since  by  far  most  Privacy  Act  systems  of  records  are  maintained 
by  federal  agencies,  the  bill  will  generally  cover  only  matches  in- 
volving a  federal  agency  as  a  source  or  recipient  of  information.  As 
spelled  out  in  the  Senate-passed  bill,  this  means  that  matching  pro- 
grams can  involve  the  exchange  of  records  between  two  federal 
agencies,  or  between  a  federal  agency  and  a  non-federal  matching 
entity.  "A  non-federal  matching  entity"  is  defined  by  the  bill  as  a 
state  or  local  government,  or  an  agency  thereof,  a  partnership  or 
corporation,  association,  or  public  or  private  organization  which  re- 
ceives or  supplies  records  in  a  matching  program  within  the  scope 
of  this  bill. 

Second,  the  definition  of  matching  program  extends  only  to  the 
computerized  comparison  of  sets  of  records.  Thus,  while  separate 
sets  of  records  are  often  compared  manually  to  verify  the  eligibility 
of  individuals  to  receive  government  benefits,  such  manual  com- 
parisons are  not  covered  by  this  bill. 

Finally,  to  meet  the  definition  of  a  matching  program  under  the 
bill,  the  matching  program  must  fall  into  one  of  three  general  cate- 
gories of  computer  matches  set  forth  in  section  5.  The  first  category 
of  matching  programs  are  those  programs  that  are  conducted  for 
the  purpose  of  establishing  or  verifying  the  eligibility  of  persons 
initially  to  receive  or  to  continue  to  receive  assistance  under  feder- 
al benefit  programs.  Matches  conducted  for  such  eligibility  verifica- 
tion purposes  include  those  matches  that  are  conducted  to  deter- 
mine initial  eligibility  for  benefits  (so-called  '  'front-end  eligibility 
verification"  matches),  or  continuing  compliance  with  statutory 
and  regulatory  requirements  for  recipients  or  beneficiaries  of,  par- 
ticipants in,  or  providers  of  services  for  assistance  under  federal 
benefit  programs.  Such  assistance  can  take  the  form  of  cash  or  in- 
kind  assistance  or  payments  under  federal  benefit  programs.  The 
term  "federal  benefit  program"  is  broadly  defined,  and  is  intended 
to  include  any  program  administered  or  funded  by  the  federal  gov- 
ernment, or  by  a  state  or  agent  on  behalf  of  the  federal  govern- 
ment. A  match  to  determine  eligibility  of  AFDC  recipients,  for  ex- 
ample, is  covered  by  the  bill  (since  AFDC  is  a  state-administered, 
federally  funded  program)  so  long  as  the  AFDC  records  are 
matched  with  a  Privacy  Act  system  of  records. 

The  second  category  of  matching  programs  subject  to  the  bill  are 
those  matching  programs  conducted  for  the  purpose  of  recouping 
payments  or  delinquent  debts  under  federal  benefit  programs.  As 
used  in  the  bill,  the  term  "payments"  is  intended  to  cover  both 
cash  or  in-kind  assistance  under  such  benefit  programs. 

Inclusion  of  matches  under  these  two  categories  is  determined  by 
the  purpose  for  conducting  the  match.  Thus,  for  example,  matches 
conducted  by  the  Federal  Parent  Locator  Service,  within  HHS,  are 
not  subject  to  the  provisions  of  S.  496  because  these  matches  are 
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conducted  to  locate  absent  parents  who  are  not  paying  child  sup- 
port in  order  to  take  action  against  them  to  secure  such  child  sup- 
port payments.  The  Committee  does  not  intend  the  bill  to  be  con- 
strued to  apply  to  matches  performed  by  the  Federal  Parent  Loca- 
tor Service  to  locate  absent  parents  even  though  such  payments 
may  result  in  a  recoupment  of  payments  made  by  a  federal  benefit 
program,  such  as  Aid  to  Families  with  Dependent  Children.  The 
federal  benefit  recoupment  is  not  the  principal  purpose  of  the 
matching  activity. 

The  third  category  of  matches  covered  by  the  bill  are  all  match- 
ing programs  using  federal  personnel  or  payroll  systems  of  records, 
regardless  of  the  purpose  of  the  match.  The  bill  covers  these  types 
of  records  because,  historically,  many  matching  programs  have  in- 
volved the  records  of  federal  employees  or  federal  retirees.  Since 
the  federal  government  has  comprehensive  records  on  its  own  em- 
ployees and  retirees,  these  records  are  often  exchanged  in  match- 
ing programs  to  determine  whether  federal  workers  or  retirees  are 
receiving  benefits  for  which  they  are  ineligible,  or  whether  they 
have  delinquent  debts  with  the  government.  Because  the  files  on 
these  individuals  are  most  readily  available  to  agencies  for  use  in 
matching  programs,  concerns  have  been  raised  that  these  individ- 
uals are  ' 'captives"  of  matching  programs  and  could,  unless  pro- 
tected, be  most  vulnerable  to  breaches  of  privacy  in  matching  pro- 
grams. Thus,  the  bill  covers  all  matches  involving  these  records,  re- 
gardless of  purpose,  unless  the  match  is  specifically  subject  to  ex- 
ceptions discussed  below.  This  category  includes  matches  between 
two  federal  systems  of  records  as  well  as  matches  between  a  federal 
system  of  records  and  non-federal  records. 

The  number  of  records  matched  is  not  a  determining  factor  of 
whether  a  match  is  covered  by  this  bill.  A  matching  program  can 
consist  of  hundreds  of  records  of  recipients  being  matched  at  one 
time,  or  a  series  of  one  individual's  records  being  cross-checked 
against  various  sets  of  data  to  verify  eligibility.  A  comparison  of  six 
individual  student  loan  defaultees  with  the  Office  of  Personnel 
Managment  files  would,  for  example,  be  subject  to  the  require- 
ments of  this  bill.  Unlike  current  OMB  guidelines  which  do  not 
apply  to  front-end  eligibility  verification  or  to  matching  programs 
that  do  not  compare  a  substantial  number  of  records,  checks  on 
specific  individuals  to  verify  data  in  an  application  and  single 
matches  to  verify  eligibility  of  a  particular  individual  are  subject  to 
the  bill. 

There  are  six  types  of  matching  activities  that  are  specifically  ex- 
empted from  the  scope  of  S.  496.  First,  a  match  that  is  performed 
to  produce  aggregate  statistical  data  without  personal  identifiers  is 
not  covered  by  the  bill. 

Second,  a  match  performed  to  support  any  research  or  statistical 
project  is  excluded  from  coverage  of  the  bill  if  no  data  resulting 
from  the  match  is  used  to  make  decisions  concerning  the  rights, 
benefits,  or  privileges  of  specific  individuals. 

A  third  exemption  exists  for  purely  internal  matches,  i.e., 
matches  performed  within  a  single  agency  in  which  no  records  are 
matched  outside  that  agency  or  one  of  its  components.  An  impor- 
tant limitation,  however,  is  placed  on  this  exception.  The  exception 
does  not  apply  if  the  agency  is  matching  its  federal  personnel  or 
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payroll  records  with  the  records  of  the  Federal  benefit  programs  it 
administers.  For  example,  the  bill  covers  internal  agency  matches 
of  federal  personnel  records  with  federal  benefit  programs  to  find 
potential  fraud  or  to  determine  if  the  agency's  employees  are  im- 
properly receiving  these  benefits  or  whether  they  are  delinquent  in 
repaying  federal  loans.  These  matches  are  subject  to  the  terms  of 
this  bill,  because  federal  employees  workers  merit  the  same  due 
process  and  privacy  as  do  other  citizens  whose  records  are 
matched. 

A  fourth  exception  exists  for  certain  matches  conducted  for  law 
enforcement  purposes.  This  exception  is  available  only  to  those 
agencies,  or  components  thereof,  which  perform  as  their  principal 
function  any  activity  pertaining  to  the  enforcement  of  criminal 
laws. 

An  agency  that  is  not  principally  a  law  enforcement  agency  may 
still  have  a  component  that  can  utilize  this  exclusion  for  specific 
matching  activities.  While  an  audit  office  that  performs  multiple 
functions,  only  one  of  which  is  the  initiation  of  criminal  law  en- 
forcement investigations,  would  not  qualify  for  this  exclusion,  a 
clearly  identifiable  investigative  subunit  that  conducts  criminal  in- 
vestigations as  its  principal  function  may  qualify  for  this  exclusion. 
For  example,  the  entire  Internal  Revenue  Service  would  not  qual- 
ify to  use  this  law  enforcement  exclusion,  but  some  matches  con- 
ducted by  the  Criminal  Investigations  Division  of  the  IRS  could 
qualify  for  the  exclusion. 

Agencies  or  components  that  qualify  for  this  exclusion  may  use  it 
only  for  matching  programs  that  are  conducted  subsequent  to  the 
initiation  of  a  specific  criminal  or  civil  investigation  of  a  named 
person  or  persons  for  the  purpose  of  gathering  evidence  against 
such  person  or  persons.  In  order  to  qualify  for  this  exclusion,  an 
agency  or  component  must  be  gathering  evidence  for  an  existing, 
on-going  investigation  whose  targets  are  already  identified. 

This  exclusion  is  consistent  with  the  bill's  overall  intent  to  pro- 
vide protections  against  the  imporper  use  of  computer  matching. 
Matches  of  greatest  concern  and  warranting  most  controls  are 
those  matches  that  are  initiated  without  any  evidence  of  wrongdo- 
ing by  specific  individuals.  Such  matching  programs,  if  uncon- 
trolled, can  too  easily  become  "fishing  expeditions"  to  find  informa- 
tion about  individuals  when  there  is  no  suspicion  of  wrongdoing, 
risking  violation  of  the  Fourth  Amendment  prohibition  against  un- 
reasonable search  and  seizure.  Computer  matching  may,  however, 
be  needed  to  substantiate  or  develop  a  legitimate  law  enforcement 
investigation.  This  legislation  is  not  intended  to  impede  exchanges 
of  information  which  will  contribute  to  a  specific,  targeted  investi- 
gation. Thus,  once  a  law  enforcement  investigation  meets  the  re- 
quirements of  the  subsection,  section  5  provides  a  total  exclusion 
from  the  bill's  coverage. 

The  phrase  "named  individual  or  named  individuals"  is  intended 
to  mean  that  the  investigation  has  already  identified  specific  indi- 
viduals as  its  targets.  A  general  description  of  targets,  such  as 
"program  beneficiaries,"  would  be  insufficient  to  meet  this  defini- 
tion. Moreover,  there  must  be  a  reasonable  basis  for  believing  that 
each  of  the  identified  targets  of  the  investigation  has  engaged  in 
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the  improper  conduct  that  is  being  investigated  by  the  agency  or 
component  thereof. 

The  fifth  exclusion  covers  certain  matching  activities  conducted 
by  the  Internal  Revenue  Service.  The  Senate-passed  bill  limited 
this  exclusion  to  only  those  tax  matches  that  are  conducted  pursu- 
ant to  section  6103(d)  of  the  Internal  Revenue  Code  of  1986,  author- 
izing disclosures  of  tax  returns  and  tax  return  information  to  state 
tax  officials  for  tax  administration  purposes. 

The  House-passed  version  of  S.  496  added  two  additional  exclu- 
sions for  matching  programs  involving  tax  records,  both  of  which 
are  acceptable  to  the  Committee.  One  such  provision  provides  a 
limited  exception  for  disclosures  of  tax  returns  and  tax  return  in- 
formation for  purposes  of  tax  administration  as  defined  in  section 
6103(b)(4)  of  the  Internal  Revenue  Code  of  1986.  This  exclusion  is 
intended  to  cover  only  those  disclosures  that  are  authorized  by  this 
section  of  the  Internal  Revenue  Code  and  which  are  conducted  for 
the  purpose  of  tax  administration.  This  exclusion  will  enable  the 
IRS  to  continue  matching  tax  returns  with  other  information,  such 
as  interest  and  dividend  payments,  to  facilitate  tax  administration 
and  ensure  taxpayer  compliance.  This  provision,  however,  is  in- 
tended to  be  a  narrow  one  and  does  not  exclude  matching  of  tax 
information  with  other  data  for  non-tax  administration  purposes. 

The  other  exclusion  provided  for  by  the  House  amendment 
covers  matches  of  tax  information  for  the  purpose  of  intercepting 
tax  refunds  due  to  individuals.  S.  496,  as  reported  by  the  Commit- 
tee and  passed  by  the  Senate,  did  not  exclude  these  matches  due  to 
concerns  over  the  growing  trend  of  offsetting  tax  refunds  to  recoup 
overdue  debts  or  overpayments  under  other  government  programs. 
There  is  preliminary  evidence  that  the  use  of  such  refund  offsets 
can  have  detrimental  effects  on  voluntary  compliance  with  our  tax 
laws.  Individuals  may  avoid  paying  federal  income  taxes  or  under- 
withhold  in  order  to  avoid  refund  offsets  in  subsequent  years.  The 
House-passed  amendment  to  S.  496,  however,  exempts  certain  tax 
refund  offset  programs  from  the  legislation.  Specifically,  the  House 
amendment  excludes  matches  of  tax  information  for  the  purpose  of 
intercepting  a  tax  refund  due  to  an  individual  under  authority 
granted  by  section  464  or  1137  of  the  Social  Security  Act  (42  U.S.C. 
sections  664,1320  b-7).  This  exemption  excludes  from  the  bill's  cov- 
erage matches  conducted  under  these  statutory  authorities  to  col- 
lect past-due  child  support  from  tax  refunds  and  matches  of  tax  in- 
formation for  the  purpose  of  intercepting  tax  refunds  due  to  indi- 
viduals under  the  income  and  eligibility  verification  system  estab- 
lished by  section  1137  of  the  Social  Security  Act  (42  U.S.C.  1320 
b-7).  Further,  the  House  amendment  exempts  refund  offset  programs 
which  have  been  determined  by  the  Office  of  Management  and 
Budget  to  contain  verification,  notice  and  hearing  requirements 
that  are  substantially  similar  to  those  strong  procedures  contained 
in  Section  1137  of  the  Social  Security  Act.  These  provisions  of  the 
House  amendment  are  acceptable  to  the  Committee,  because  the 
Committee  believes  that  the  due  process  procedures  included  in 
Sections  464  and  1134  of  the  Social  Security  Act  are  sufficiently 
strong  to  meet  the  purposes  of  this  bill.  Requiring  these  matches 
also  to  be  subject  to  the  provisions  of  S.  496  would  result  in  dupli- 
cative, costly  procedures  for  agencies  to  follow. 
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Finally,  S.  496  provides  an  exclusion  for  matches  performed  to 
produce  background  checks  for  security  clearances  of  federal  per- 
sonnel. The  House  amendments  to  S.  496  added  an  additional  ex- 
emption, which  is  acceptable  to  the  Committee,  for  matching  pro- 
grams conducted  to  produce  background  checks  for  foreign  counter- 
intelligence purposes.  These  exclusions  are  intended  to  allow  all  re- 
quired security  clearance  investigations  to  be  performed  without 
application  of  the  matching  procedures  required  by  this  bill. 

2.  Matching  Agreements 

S.  496  requires  that  matching  programs  covered  by  the  bill  be 
conducted  pursuant  to  written  matching  agreements.  Section  2  of 
the  bill  specifies  that  no  record  contained  in  a  system  of  records 
under  the  Privacy  Act  may  be  disclosed  by  a  source  agency  to  a 
federal  agency  or  a  non-federal  entity  for  use  in  a  computer  match- 
ing program  unless  such  disclosure  is  pursuant  to  a  written  match- 
ing agreement  between  the  agency  or  entity  disclosing  the  records 
and  the  agency  receiving  the  records. 

The  purpose  for  requiring  written  agreements  is  to  increase  and 
facilitate  oversight  of  the  use  of  computer  matching  and  to  estab- 
lish ground  rules  for  the  disclosure  of  information  for  matches,  as 
well  as  for  the  use  of  information  that  is  derived  from  computer 
matching  programs. 

S.  496  enumerates  several  elements  that  must  be  included  in 
written  matching  agreements.  All  of  these  elements  must  be 
present  in  order  for  the  written  agreements  to  be  approved  by  the 
Data  Integrity  Boards  of  the  agencies  involved  in  the  matching  pro- 
gram prior  to  the  disclosure  of  the  records. 

First,  the  matching  agreement  must  specify  the  justification,  the 
purpose  and  legal  authority  for  conducting  the  matching  program. 

Second,  as  amended  by  the  House,  the  bill  requires  the  matching 
agreement  to  describe  the  anticipated  results  of  the  matching  pro- 
gram, including  a  specific  estimate  of  any  savings  anticipated  as  a 
direct  result  of  the  compter  match.  This  amendment  requires  a 
cost-benefit  analysis  to  be  completed  before  the  Data  Integrity 
Board  can  approve  a  matching  agreement,  and  the  House  bill  di- 
rects agencies  entering  into  the  matching  agreement  to  follow 
guidelines  developed  by  the  General  Accounting  Office  on  how  to 
assess  the  costs  and  benefits  of  computer  matches.  The  House  bill 
also  includes  a  provision  allowing  the  Data  Integrity  Board  to 
waive  this  cost-benefit  analysis  in  certain  circumstances. 

As  passed  by  the  Senate,  S.  496  contains  no  specific  requirement 
for  a  pre-match  cost-benefit  analysis.  The  Committee  does,  howev- 
er, view  as  legitimate  the  concerns  that  some  computer  matching 
programs  may  not  prove  to  be  cost-effective.  While  some  Inspectors 
General  and  program  managers  have  estimated  that  computer 
matching  programs  that  are  conducted  to  remove  ineligible  persons 
from  government  programs  will  result  in  huge  savings,  these  esti- 
mates have  been  rarely  substantiated  by  comprehensive  cost-bene- 
fit analyses  that  take  into  account  all  of  the  actual  costs  of  con- 
ducting, and  following-up  on  the  results  of,  the  matching  program. 
Without  a  solid  measure  of  the  actual  costs  and  benefits  of  all 
phases  of  the  matching  program,  resources  may  be  devoted  to  com- 
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puter  matches  when  other  efforts  to  reduce  fraud,  waste  or  abuse 
in  government  programs  may  actually  be  more  cost-effective. 

While  recognizing  the  importance  of  cost-benefit  analysis,  the 
Committee  is  also  concerned  that  mandating  pre-match  cost  benefit 
analyses  is  inappropriate  for  those  matching  programs  that  are  re- 
quired by  law.  Thus,  an  amendment  to  the  House-passed  bill  that 
the  Committee  would  propose  would  specifically  exempt  these 
matches  from  the  up-front  cost-benefit  analysis  requirement.  Since 
the  costs  of  matching  programs  should  be  considered  for  those 
matches  that  will  be  repeated  to  determine  if  the  matching  pro- 
gram is  truly  cost-effective,  the  amendment  further  specifies  that 
any  subsequent  matching  agreement  for  a  matching  program  spe- 
cifically required  by  statute  will  not  be  approved  by  the  Data  Integ- 
rity Board  unless  the  agency  has  submitted  a  cost-benefit  analysis 
of  the  program  as  conducted. 

Third,  the  matching  agreement  must  describe  the  records  that 
will  be  matched,  including  each  data  element  used;  the  approxi- 
mate number  of  records  that  will  be  matched;  and  the  projected 
starting  and  completion  dates  of  the  matching  program.  The  Com- 
mittee recognizes  that  some  matching  programs,  particularly  those 
specifically  mandated  by  statute,  will  involve  a  series  of  individual 
matches,  at  established  intervals,  between  two  sets  of  records.  For 
example,  AFDC  records  may  be  matched  on  a  quarterly  basis  with 
unearned  income  data  from  the  IRS.  For  such  matches,  the  match- 
ing agreement  should  set  forth  the  starting  and  completion  dates  of 
the  matching  program  as  a  whole  and  the  frequency  of  each  indi- 
vidual match  to  take  place  within  the  program. 

Fourth,  the  matching  agreement  must  also  describe  the  proce- 
dures for  providing  due  process  protections  to  individuals  whose 
records  are  matched.  Specifically,  the  agreement  must  set  forth  the 
procedures  for  providing  notice  to  applicants  and  recipients  of  fi- 
nancial assistance  or  payments  under  federal  benefit  programs  and 
to  applicants  for  and  holders  of  positions  as  federal  personnel,  that 
any  information  provided  by  them  may  be  subject  to  verification 
through  a  matching  program. 

This  provision  requires  individualized  notice  be  givern  at  the 
time  of  application  to  a  benefit  program  (or  upon  application  for  a 
position  with  the  government)  that  the  applicant's  records  may  be 
matched.  Constructive  notice,  such  as  a  notice  in  the  Federal  Regis- 
ter that  a  match  will  be  conducted,  is  insufficient  to  satisfy  this  re- 
quirement. The  committee  anticipates  that  the  notice  will  be  in- 
cluded on  the  application  form  itself,  or  with  other  notices  provided 
to  applicants.  All  notices  provided  must  be  plainly  worded  and  non- 
coercive in  tone. 

Periodic  notice  that  information  may  be  verified  through  match- 
ing must  also  be  given  to  persons  who  are  receiving  benefits  or 
holding  government  positions.  The  Data  Integrity  Board  may  direct 
agencies  on  the  form  that  periodic  notice  may  take.  The  Committee 
expects  that  individualized  periodic  notices  will  be  given  whenever 
possible.  Options  for  periodic  notice  include  inclusion  of  notices 
with  checks  sent  to  recipients,  or  notices  to  agency  personnel 
through  memoranda  or  bulletins.  While  separate  mailings  of  peri- 
odic notices  are  not  required  by  the  bill,  they  may  be  required  by 
Data  Integrity  Boards  or  OMB  for  specific  matches. 
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Fifth,  the  agreement  must  set  forth  the  procedures  for  verifying 
information  produced  in  such  matching  programs.  Verification  pro- 
cedures must  comply  with  the  requirements  set  forth  in  the  new 
section  (p)  of  the  Privacy  Act  as  amended  by  this  bill. 

Sixth,  the  matching  agreement  must  establish  procedures  for  re- 
tention and  destruction  of  records  created  by  such  matching  pro- 
grams. This  provision  is  intended  to  prevent  the  creation  of  perma- 
nent files  or  new  system  of  records  from  matching  programs,  be- 
cause the  existence  of  such  "standing"  files  of  "hits"  from  previous 
matches  could  too  easily  encourage  the  repeated  use  of  these  files 
for  additional  matching.  The  lisats  of  persons  whose  names 
emerged  as  "hits"  in  one  match  should  not  be  retained  as  a  list  of 
suspects  for  future  matches,  as  this  poses  serious  threats  to  person- 
al privacy.  The  Committee  recognizes,  however,  that  identifiable 
records  created  by  a  matching  program  must  be  retained  for  a  rea- 
sonable period  to  allow  necessary,  follow-up  to  a  matching  program. 
This  provision  is  intended  to  ensure  that  records  generated  by  a 
matching  program  are  destroyed  as  soon  as  possible  after  they  are 
no  longer  needed. 

Seventh,  the  matching  agreements  must  also  specify  procedures 
for  ensuring  the  administrative,  technical,  and  physical  security  of 
the  records  matched  and  of  the  results  of  the  matching  program, 
and  must  prohibit  the  duplication  and  redisclosure  of  records 
within  or  outside  the  source  agency,  unless  required  by  law  or  es- 
sential to  the  conduct  of  the  matching  program.  This  provision  is 
intended  to  allow  only  those  disclosures  that  are  necessary  to  com- 
plete the  match  itself  and  to  complete  all  necessary  verification 
and  follow-up  to  the  matching  program,  including  disclosures  or 
duplication  of  information  for  use  in  a  civil  or  criminal  investiga- 
tion or  prosecution  resulting  from  a  computer  match. 

Eighth,  the  matching  agreement  must  specify  procedures  govern- 
ing use  of  records  provided  by  a  source  agency,  including  proce- 
dures governing  the  return  to  the  source  agency  or  the  destruction 
of  records  used  in  such  program.  The  intent  of  this  provision  is  to 
ensure  that  records  used  for  matching  program  be  destroyed  or  re- 
turned to  the  source  agency  as  soon  as  possible  after  the  match  is 
performed  in  order  to  minimizes  dangers  of  unauthorized  use. 

The  matching  agreement  must  provide  information  that  is  avail- 
able to  the  source  of  the  records  on  any  assessments  that  have 
been  made  on  the  accuracy  of  the  records  that  will  be  used  in  the 
matching  program.  Use  of  inaccurate  data  can  greatly  diminish  the 
value  of  matching  programs  by  yielding  many  false  "raw  hits".  If 
out-of-date  wage  data  is  matched  against  the  records  of  benefici- 
aries, for  example,  it  may  appear  that  many  individuals  have 
excess  earnings,  when,  in  fact,  the  earnings  data  is  no  longer  accu- 
rate. Use  of  such  data  not  only  increases  the  follow-up  costs  of 
matching,  but  also  poses  dangers  of  erroneously  reducing  benefits 
based  on  faulty  data.  This  provision  of  S.  496,  while  not  requiring 
agencies  to  undertake  assessments  of  the  accuracy  of  the  data  they 
disclose  for  matching  programs,  requires  matching  agreements  to 
include  information  on  any  such  assessments  that  have  been  made, 
(i.e.,  when  the  set  of  records  was  last  "cleaned  up")  in  order  to  pro- 
vide the  recipient  agency  with  some  sense  of  the  accuracy  of  the 
information. 
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The  House  amendment  to  S.  496  adds  a  provision  that  matching 
agreements  must  authorize  the  Comptroller  General  to  have  access 
to  all  records  of  a  recipient  agency  or  non-federal  entity  for  pur- 
poses of  monitoring  compliance  with  the  agreement.  This  provision, 
which  is  acceptable  to  the  Committee,  extends  existing  statutory 
authority  of  the  Comptroller  General  to  the  records  of  state  and 
local  governments. 

The  House  amendment  also  adds  a  requirement  that  a  copy  of 
each  matching  agreement  must  be  made  available  to  the  public. 
The  agreement  must  also  be  provided  to  the  Senate  Committee  on 
Governmental  Affairs  and  the  House  Committee  on  Government 
Operations  30  days  before  the  matching  agreement  becomes  effec- 
tive. This  30-day  notice  period  to  Congress  is  acceptable  to  the 
Committee  and  parallels  other  provisions  of  the  Privacy  Act  requir- 
ing notification  to  Congress  of  routine  uses  and  creation  of  new  sys- 
tems of  records. 

Finally,  the  House  amendment  includes  a  provision  providing 
that  matching  agreements  may  remain  in  effect  for  a  period  deter- 
mined to  be  appropriate  by  the  Data  Integrity  Board,  not  to  exceed 
18  months.  A  matching  program  that  will  match  the  same  two  sets 
of  records  several  times  over  a  period  of  time  (for  example,  match- 
ing wage  data  with  AFDC  records  every  three  months)  is  consid- 
ered one  matching  program.  The  bill  authorizes  the  Data  Integrity 
Board,  without  additional  review,  to  renew  a  matching  agreement 
for  an  on-going  matching  program  for  up  to  a  year  if  the  program 
will  be  conducted  without  change  and  if  each  party  to  the  agree- 
ment certifies  that  the  program  has  been  conducted  in  compliance 
with  the  agreement.  In  determining  the  effective  time  period  for 
the  initial  matching  agreement,  the  Data  Integrity  Board  should 
consider  the  purpose  and  length  of  time  needed  to  conduct  the 
match,  and  whether  the  match  is  required  by  law.  This  House 
amendment  is  acceptable  to  the  Committee. 

3.  Data  Integrity  Boards 

In  order  to  improve  the  oversight  of  matching  programs  and 
compliance  with  matching  agreements,  applicable  laws,  regulations 
and  guidelines,  section  4  of  S.  496  mandates  each  federal  agency 
conducting  or  participating  in  a  matching  program  establish  a 
Data  Integrity  Board  (DIB).  A  federal  agency  that  acts  as  a  source 
agency  or  recipient  agency  must  establish  a  DIB,  but  agencies  that 
do  not  participate  in  matching  programs  covered  by  the  bill  do  not 
have  to  establish  such  boards.  Although  some  matches  covered  by 
the  bill  will  involve  federal  programs  that  are  state-administered, 
no  non-federal  entity  must  establish  a  DIB. 

Each  agency's  DIB  must  be  composed  of  senior  officials  designat- 
ed by  the  head  of  the  agency.  The  law  specifies  that  the  senior  offi- 
cial designated  by  the  agency  as  responsible  for  implementation  of 
the  Privacy  Act  and  the  Inspector  General  of  the  agency,  if  any, 
must  serve  on  the  DIB,  although  the  IG  cannot  serve  as  chairper- 
son of  the  Board.  The  bill  precludes  the  Inspector  General  from 
serving  as  chairperson  because,  historically,  many  computer  match- 
ing programs  have  been  proposed  and  conducted  by  IGs  to  deter 
fraud  or  waste  in  government  programs.  Since  the  DIB  is  intended 
to  act  as  an  overseer  of  computer  matching  programs,  the  Commit- 
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tee  believes  that  the  Board  should  not  be  headed  by  an  Inspector 
General,  who  may  head  the  office  that  is  conducting  the  matching 
program. 

The  size  of  the  DIB  will  vary  according  to  the  size  of  the  agency 
and  the  number  of  matching  programs  in  which  the  agency  partici- 
pates. Various  agency  components  whose  records  are  matched 
should  be  represented  on  the  Board,  and  the  Board  should  have 
adequate  staff  assigned  to  it  to  allow  it  to  perform  its  statutory 
functions. 

This  legislation  does  not  require  agencies  to  create  new  positions 
to  comply  with  this  provision,  nor  should  membership  on  the 
Boards,  or  on  the  staff  of  the  Boards,  constitute  full-time  positions. 
The  Committee  anticipates  that  the  Board  will  meet  as  needed  to 
approve  and  review  matching  agreements,  and  to  prepare  reports 
required  by  Section  5,  and,  in  some  circumstances,  to  investigate 
the  operation  of  matching  programs. 

The  bill  sets  forth  specific  functions  for  the  Data  Integrity 
Boards  to  perform. 

Each  Board  must  review,  approve  and  maintain  all  written 
agreements  for  receipt  or  disclosure  of  agency  records  for  matching 
programs  to  ensure  compliance  with  the  requirements  of  this  Act 
and  compliance  with  all  relevant  statutes  and  guidelines. 

No  disclosure  of  records  can  be  made  for  a  matching  program 
unless  the  written  matching  agreement  is  approved.  As  passed  by 
the  Senate,  a  matching  program  could  begin  as  soon  as  the  Data 
Integrity  Board  approved  the  matching  agreement.  The  House 
amendment  to  S.  496,  however,  adds  a  requirement  that  the  writ- 
ten agreement  first  be  made  available  to  the  public  and  sent  to  the 
Senate  Governmental  Affairs  Committee  and  the  House  Govern- 
ment Operations  Committee.  The  amendment  makes  the  agree- 
ment effective  30  days  after  being  transmitted  to  the  Committees. 
This  Committee  endorses  this  amendment  as  providing  necessary 
opportunity  for  congressional  review  and  oversight  of  matching 
agreements. 

The  bill  also  authorizes  the  DIB  to  disapprove  matching  agree- 
ments if  they  do  not  comply  with  the  terms  of  this  Act,  or  applica- 
ble laws,  regulations  and  guidelines.  The  bill  sets  up  an  appeals 
procedure  to  be  followed  when  a  DIB  disapproves  a  matching 
agreement. 

In  cases  of  disapproval,  any  party  to  the  agreement  may  appeal 
the  disapproval  to  the  Director  of  OMB.  This  appeals  procedure  is 
included  in  the  House-passed  bill,  and  accepted  by  the  Committee, 
in  order  to  prevent  the  DIB  from  exercising  total  veto  power  on 
matches.  The  Inspectors  General,  for  example,  expressed  concern 
that  agency  officials  on  the  DIB  may  have  conflicts  of  interest 
when  ruling  on  matching  programs  that  are  being  conducted  to 
find  overpayments  in  the  officials'  own  programs.  There  may  be  a 
danger  of  agency  officials  disapproving  matches  even  when  all  ap- 
plicable rules,  regulations  and  guidelines  have  been  followed. 

The  Committee  believes  that  these  conflict-of-interest  concerns 
are  legitimate  and  thus  endorses  the  House  amendment  that  pro- 
vides the  OMB  with  limited  authority  to  overrule  a  DIB  and  ap- 
prove a  matching  agreement.  The  disapproval  of  the  DIB  may  be 
overturned  only  if  the  Director  of  the  OMB  determines  that  the 
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program  will  be  consistent  with  all  applicable  legal,  regulatory  and 
policy  requirements;  that  there  is  adequate  evidence  that  the 
matching  agreement  will  be  cost-effective;  and  that  the  matching 
program  is  in  the  public  interest.  The  Committee  anticipates  that 
all  three  factors  must  be  met  to  warrant  OMB  reversal  of  a  disap- 
proval by  the  Board. 

Under  the  terms  of  the  House  amendment,  when  OMB  approves 
a  matching  agreement  upon  appeal,  the  decision  must  be  reported 
to  the  Senate  Committee  on  Governmental  Affairs  and  to  the 
House  Committee  on  Government  Operations.  OMB  must  include  a 
detailed  explanation  of  the  reasons  for  its  approval.  The  matching 
agreement  takes  effect  30  days  after  the  Committees  are  notified. 

If  a  matching  program  proposed  by  the  Inspector  General  of  an 
agency  is  disapproved  by  the  Data  Integrity  Board  and  by  the  Di- 
rector of  OMB,  the  Inspector  General  may  report  the  disapproval 
to  the  head  of  the  agency  and  to  the  Congress.  The  Committee  be- 
lieves that  this  reporting  mechanism  is  an  effective  means  of  en- 
suring the  independence  of  the  Inspectors  General,  and  of  putting 
the  Congress  on  notice  of  possible  efforts  by  agencies  or  OMB  to 
prohibit  matching  programs  that  are  legitimate  or  proper  to  con- 
duct. 

Other  Duties  of  the  Data  Integrity  Boards 

The  bill  sets  forth  several  other  functions  for  the  DIB. 

Each  Board  must  review  all  matching  programs  in  which  the 
agency  has  participated  during  the  year,  either  as  a  source  or  re- 
cipient agency.  The  purpose  of  the  review  is  to  determine  compli- 
ance with  applicable  laws,  regulations,  guidelines,  and  matching 
agreements,  and  to  assess  the  costs  and  benefits  of  such  matching 
programs.  While  some  investigation  of  compliance  with  matching 
agreements,  laws,  regulations,  or  guidelines  may  be  warranted 
when  indication  of  problems  come  to  the  Board's  attention,  the 
Board's  review  functions  will  primarily  consist  of  reviews  of  infor- 
mation about  matching  programs  and  occasional  audits  of  the 
matching  programs. 

Each  board  must  review  all  recurring  matching  programs  in 
which  the  agency  has  participated  during  the  year,  for  continued 
justification  of  the  program. 

Each  Board  must  prepare  an  annual  report  on  matching  for  sub- 
mission to  the  head  of  the  agency  and  to  Office  of  Management  and 
Budget.  The  report  of  each  Board  must  also  be  made  available  to 
the  public  upon  request.  OMB  will  consolidate  the  reports  for  the 
various  Boards  and  file  a  single  report  with  the  Congress. 

Reports  by  the  Boards  must  describe  the  matching  activities  of 
the  agency  and  must  include:  (i)  a  description  of  all  matching  pro- 
grams in  which  the  agency  participated  as  a  source  or  recipient 
agency;  and  (ii)  a  description  of  any  matching  agreements  that 
were  proposed  but  disapproved  by  the  Board.  The  House  amend- 
ment requires  the  following  additional  information  to  be  included 
in  the  reports:  (i)  a  description  of  any  changes  in  the  membership 
or  structure  of  the  Board  in  the  preceding  year;  (ii)  the  reasons  for 
any  waiver  of  the  requirement  for  the  completion  and  submission 
of  a  cost-benefit  analysis  prior  to  the  approval  of  a  matching  pro- 
gram; (iii)  information  about  any  violations  of  matching  agree- 
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ments  that  have  been  alleged  or  identified  and  any  corrective 
action  taken;  and  (iv)  any  other  information  required  by  the  Direc- 
tor of  OMB  to  be  included  in  the  report.  This  Committee  endorses 
the  changes  made  by  the  House  amendment. 

Each  Board  is  required  to  serve  as  a  clearinghouse  for  receiving 
and  providing  information  on  the  accuracy,  completeness,  and  reli- 
ability of  records  used  in  matching  programs. 

Each  Board  is  required  to  provide  interpretation  and  guidance  to 
agency  components  and  personnel  on  the  Privacy  Act's  matching 
requirements. 

Each  Board  is  required  to  review  agency  recordkeeping  and  dis- 
posal policies  and  practices  for  matching  programs  to  assure  com- 
pliance with  the  Privacy  Act. 

Finally,  the  bill  provides  discretionary  authority  for  the  Board  to 
review  and  report  on  any  matching  activities  that  are  not  defined 
as  matching  programs  by  this  bill,  including  matching  programs 
exempted  under  section  5.  The  House  amendment  adds  a  provision 
allowing  reports  of  such  programs  to  be  on  an  aggregate  basis  to 
the  extent  necessary  to  protect  on-going  law  enforcement  investiga- 
tions. The  Committee  endorses  this  amendment  as  necessary  to 
protect  such  investigations  and  believes  that  similar  authority  to 
report  on  an  aggregate  basis  should  extend  to  counterintelligence 
matches. 

4-  Verification  and  Due  Process  Protections 

S.  496  includes  provisions  designed  to  provide  due  process  protec- 
tions for  individuals  whose  records  are  matched  in  computer 
matching  programs.  Those  protections  take  the  form  of  requiring 
independent  verification  of  data  produced  by  a  matching  program, 
notice  to  the  individual,  and  an  opportunity  for  the  individual  to 
contest  the  findings  of  the  matching  program  prior  to  adverse 
action  being  taken. 

Before  a  recipient  agency,  non-federal  entity  or  source  agency 
may  suspend,  terminate,  reduce,  or  make  a  final  denial  of  any  fi- 
nancial assistance  or  payment  under  a  federal  benefit  program,  or 
take  any  other  adverse  action  against  an  individual  as  a  result  of 
information  produced  by  a  matching  program,  the  agency  must  in- 
dependently verify  the  information  for  its  accuracy.  This  provision 
is  intended  to  protect  the  subjects  of  matching  programs  against 
loss  of  benefits  or  adverse  action  due  to  erroneous  or  out-of-date  in- 
formation. 

The  independent  verification  requirements  are  not  intended  to 
duplicate  procedures  already  required  by  the  benefit  program 
itself.  The  bill  provides  that  the  verification  requirement  may  be 
satisfied  by  verification  requirements  that  exist,  by  law  or  regula- 
tions, in  the  Federal  benefit  program,  the  eligibility  for  which  the 
applicant's  or  recipient's  records  are  being  matched.  Such  federal 
benefit  program  procedures  can  satisfy  the  requirements  of  the  bill 
so  long  as  such  procedures  include  independent  investigation  and 
confirmation  of  any  information  used  as  a  basis  for  an  adverse 
action  against  the  individual.  The  bill  sets  forth  information  that 
must  be  verified,  such  as  amount  of  asset  or  income  involved,  and 
whether  and  for  what  period  the  individual  had  actual  access  to 
the  income.  The  verification  procedures  should  be  tailored  to  the 
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types  of  data  produced  by  the  match  to  determine  fully  whether  it 
is  accurate  and  timely. 

The  confirmation  required  by  the  bill  can  be  made  by  asking  the 
individual  whose  records  are  matched  for  confirmation  of  the  infor- 
mation or  by  checking  the  data  with  another  source  that  obtained 
the  information  independently.  For  example,  confirmation  of  infor- 
mation indicating  that  a  recipient  of  a  benefit  program  has  exces- 
sive interest  or  dividend  income  (obtained  through  a  match  with 
IRS  records)  could  be  achieved  by  asking  the  recipient  to  confirm 
the  data  or  by  asking  the  bank  that  reported  the  interest  and  divi- 
dend income  to  the  IRS  to  confirm  the  information.  The  Committee 
believes  that  seeking  confirmation  from  the  individual  himself  or 
herself  is  preferable  in  most  instances. 

S.  496  also  requires  that  the  basic  due  process  protections  of 
notice  and  opportunity  to  contest  findings  be  incorporated  into 
every  matching  program  within  the  scope  of  this  bill.  Specifically, 
no  recipient  agency,  non-federal  entity,  or  source  agency  may  sus- 
pend, terminate,  reduce,  or  make  a  final  denial  of  any  financial  as- 
sistance or  payment  under  a  federal  benefit  program,  or  take  any 
other  adverse  action  against  the  individual,  until  a  reasonable 
period  after  the  individual  receives  a  notice  from  the  agency  con- 
taining a  statement  of  its  findings  and  informing  the  individual  of 
the  opportunity  to  contest  such  findings. 

As  with  the  verification  procedures,  the  bill  does  not  intend  the 
procedural  protections  of  this  bill  to  be  a  *  "double-layer"  of  proce- 
dures beyond  those  governing  the  federal  benefit  program  involved. 
Rather,  these  requirements  may  be  satisfied  by  the  notice,  hearing 
and  appeal  rights  governing  the  program  itself.  The  Committee  rec- 
ognizes that  most  federal  benefit  programs — and  many  matching 
programs  mandated  by  law — already  contain  due  process  protec- 
tions. This  provision  is  intended  to  provide  minimal  due  process 
protections  for  those  matches  that  may  not  be  subject  to  such  rules, 
and  to  specifically  direct  those  agencies  who  conduct  matches  to 
apply  due  process  protections  to  matching  programs. 

The  House  amendment  prohibits  agencies  from  taking  adverse 
action  until  60  days  after  the  individual  has  been  notified  and 
given  an  opportunity  to  contest  findings.  The  Committee  believes, 
however,  that  problems  may  emerge  from  the  imposition  of  a  man- 
datory 60-day  rule.  First,  a  strict  60-day  rule  could  conflict  with  the 
procedural  due  process  rules  governing  the  federal  benefit  program 
itself,  leaving  confusion  among  agency  administrators  over  which 
rule  to  follow.  Second,  in  some  instances  a  60-day  wait  before 
taking  adverse  action  could  be  too  long,  allowing  ineligible  individ- 
uals to  continue  to  receive  governnment  benefits.  Yet  in  other  in- 
stances, 60  days  may  be  shorter  than  the  time  allowed  by  the  bene- 
fit program  itself  to  contest  findings. 

To  correct  these  problems,  the  Committee  will  propose  replacing 
the  House  amendment's  60-day  rule  with  a  requirement  that  no  ad- 
verse action  be  taken  by  an  agency  or  non-federal  entity  until  the 
notice  period  provided  by  the  Federal  benefit  program's  laws  or 
regulations  has  expired  (running  from  the  date  when  notice  and 
opportunity  to  contest  findings  were  given),  or  30  days,  whichever 
is  later.  This  provision  will  shorten  the  delay  to  minimize  the 
danger  of  allowing  erroneous  payments  to  continue,  while  assuring 
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that  a  minimal  response  period  of  30  days  is  given,  which  is  neces- 
sary to  comport  with  due  process  rights. 

The  House  bill  adds,  and  the  Committe  endorses,  a  limited  excep- 
tion to  this  waiting  period.  An  agency  may  take  any  appropriate 
action  that  might  otherwise  be  prohibited  if  it  determines  that 
public  health  or  safety  may  be  adversely  or  signficantly  threatened 
within  the  waiting  period.  The  Committee  anticipates  that  this  ex- 
ception will  be  used  rarely,  and  due  process  protections  would  still 
be  afforded  after  the  adverse  action  has  occurred. 

5.  Reports  to  Congress 

The  House  bill  includes,  and  the  Committee  endorses,  a  require- 
ment that  the  Director  of  OMB  file  a  report  to  the  Congress  on 
matching  activity.  The  purpose  of  this  report  is  to  consolidate  the 
information  contained  in  the  reports  of  the  Data  Integrity  Boards. 
The  bill  specifies  elements  that  must  be  contained  in  these  reports 
and  specifies  that  the  reports  may  contain  other  information  that 
the  Director  determines  to  be  relevant  for  oversight  of  matching. 
The  reports  must  also  include  information  about  matching  activi- 
ties not  covered  by,  or  excluded  by,  the  bill.  Such  information  may 
take  the  form  of  aggregate  data  in  order  to  protect  any  law  en- 
forcement activities  that  may  be  jeopardized  by  publicity  or  disclo- 
sure. The  Committee  would  extend  this  provision  to  reporting  on 
counterintelligence  matching  activities. 

6.  Sanctions 

The  sanction  for  violating  the  provisions  of  this  bill  is  a  prohibi- 
tion against  disclosure  of  records  for  a  matching  program.  The  bill 
provides  that,  notwithstanding  any  other  provision  of  law,  no 
source  agency  may  disclose  any  record  contained  in  a  system  of 
records  to  a  federal  agency  or  non-federal  entity  for  a  matching 
program  if  the  source  agency  has  reason  to  believe  that  the  verifi- 
cation requirements  of  the  bill,  or  the  terms  of  the  matching  agree- 
ment are  not  being  met  by  the  agency  receiving  the  records.  The 
House  amendment  adds  a  provision,  endorsed  by  the  Committee, 
which  prohibits  renewal  of  a  matching  agreement  by  a  source 
agency  unless  the  receiving  agency  (or  non-fedeal  entity)  has  certi- 
fied that  it  has  complied  with  the  matching  agreement  and  if  the 
source  agency  has  no  reason  to  believe  that  the  certification  is  in- 
accurate. 

V.  Section-by-Section  Analysis 

S.  496,  As  Reported  by  the  Committee  on  Governmental  Affairs  and  Passed  by  the 

Senate  (May  21,  1987) 

SECTION  1 — SHORT  TITLE 

This  section  provides  that  the  act  may  be  cited  as  the  "Computer 
Matching  and  Privacy  Protection  Act  of  1987." 

SECTION  2 — MATCHING  AGREEMENTS 

This  section  adds  a  new  (b)(13)  exception  to  the  Privacy  Act  of 
1974,  5  U.S.C.  Section  552a,  authorizing  disclosures  of  records  from 
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systems  of  records  to  a  recipient  agency  or  non-Federal  matching 
entity  pursuant  to  a  matching  agreement  under  this  act. 

This  section  also  adds  three  new  subsections  to  the  Privacy  Act, 
designated  as  subsections  (o),  (p),  and  (q). 

Subsection  (o) — Matching  Agreements 

Prior  to  disclosing  any  record  in  a  system  of  records  to  a  recipi- 
ent agency  or  non-Federal  matching  entity  for  use  in  a  computer 
matching  program,  the  source  agency  and  recipient  agency  (or  non- 
Federal  entity)  must  enter  into  a  written  agreement  specifying  9 
elements: 

(1)  the  justification,  purpose,  and  legal  authority  for  conduct- 
ing the  program; 

(2)  a  description  of  the  records  that  will  be  matched,  includ- 
ing each  data  element  that  will  be  used,  the  approximate 
number  of  records  that  will  be  matched,  and  the  projected 
starting  and  completion  dates  of  the  matching  program; 

(3)  procedures  for  notifying  upon  application  and  periodically 
thereafter  applicants  for  or  recipients  of  financial  assistance  or 
payments  under  Federal  benefit  programs,  and  applicants  for 
and  holders  of  positions  as  Federal  personnel,  that  any  infor- 
mation provided  by  such  applicants,  recipients,  and  holders 
may  be  subject  to  verification  through  matching  programs; 

(4)  procedures  for  verifying  information  produced  in  such 
matching  programs; 

(5)  procedures  for  retention  and  destruction  of  records  cre- 
ated by  such  matching  programs; 

(6)  procedures  for  ensuring  the  administrative,  technical,  and 
physical  security  of  the  records  matched  and  the  results  of 
such  programs; 

(7)  prohibitions  on  duplication  and  redisclosure  of  records 
provided  by  the  source  agency  within  or  outside  the  recipient 
agency  or  the  non-Federal  matching  entity,  unless  authorized 
by  the  source  agency  with  the  terms  of  the  agreement; 

(8)  procedures  for  governing  the  use  of  the  records  provided 
by  the  source  agency  for  use  in  a  matching  program,  including 
procedures  governing  return  to  the  source  agency  or  destruc- 
tion of  the  records  used  in  the  match;  and 

(9)  information  on  assessments  that  have  been  made  on  the 
accuracy  of  the  records  that  will  be  used  in  the  matching  pro- 
gram. 

Subsection  (p) — Verification 

No  recipient  agency,  non-Federal  matching  entity  or  source 
agency  may  suspend,  terminate,  reduce,  or  make  a  final  denial  of 
any  financial  assistance  or  payment  under  a  federal  benefit  pro- 
gram to  any  individual,  or  take  any  other  adverse  action  against 
an  individual  as  a  result  of  information  produced  by  a  matching 
program,  until  an  office  or  employee  of  the  agency  has  independ- 
ently verified  the  information.  The  independent  verification  re- 
quirement may  be  satisfied  either  by  verification  requirements  gov- 
erning the  federal  benefit  program  and  shall  include  independent 
verification  of: 

(A)  the  amount  of  the  asset  or  income  involved; 
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(B)  whether  the  individual  actually  has  or  had  access  to  such 
asset  or  income  for  the  individual's  own  use; 

(C)  the  period  or  periods  when  the  individual  actually  had 
such  asset  or  income. 

No  recipient  agency,  non-Federal  matching  entity  or  source 
agency  may  suspend,  terminate,  reduce,  or  make  a  final  denial  of 
any  financial  assistance  or  payment  under  a  Federal  benefit  pro- 
gram to  any  individual  whose  records  are  used  in  a  matching  pro- 
gram, or  may  take  other  adverse  action  against  the  individual  as  a 
result  of  information  produced  by  a  matching  program  until  the  in- 
dividual receives  notice  of  the  findings  and  has  been  given  an  op- 
portunity to  contest  such  findings.  The  opportunity  to  contest  may 
be  satisfied  by  notice,  hearing,  and  appeal  rights  governing  the 
Federal  benefit  program. 

Subsection  (q) — Sanctions 

Notwithstanding  any  other  provision  of  law,  no  source  agency 
may  disclose  any  record  which  is  contained  in  a  system  of  records 
to  a  recipient  agency  or  non-Federal  matching  entity  for  a  match- 
ing program  if  such  source  agency  has  reason  to  believe  that  the 
requirements  of  subsection  (p)  and  any  matching  agreement  en- 
tered into  pursuant  to  subsection  (o)  are  not  being  met  by  such  re- 
cipient agency  or  entity. 

SECTION  3 — NOTICE  OF  MATCHING  PROGRAMS 

Subsection  (a)  amends  subsection  (e)  of  the  Privacy  Act  by  adding 
a  new  paragraph  (12).  The  new  paragraph  requires  source  and  re- 
cipient agencies  to  publish  in  the  Federal  Register  notice  of  the  es- 
tablishment or  revision  of  a  matching  program  at  least  30  days 
prior  to  conducting  the  program. 

Subsection  (b)  amends  subsection  (r)  (as  redesignated)  of  the  Pri- 
vacy Act  regarding  reporting  on  new  or  changed  systems  of 
records.  The  new  language  extends  the  existing  reporting  require- 
ment to  matching  programs. 

SECTION  4 — DATA  INTEGRITY  BOARDS 

This  section  adds  a  new  subsection  (u)  to  the  Privacy  Act  regard- 
ing Data  Integrity  Boards. 

Paragraph  (1)  requires  that  every  agency  conducting  or  partici- 
pating in  a  matching  program  shall  establish  a  Data  Integrity 
Board  to  oversee  and  coordinate  among  the  various  components  of 
such  agency  the  agency's  implementation  of  the  bill. 

Paragraph  (2)  requires  that  each  Data  Integrity  Board  shall  con- 
sist of  senior  officials  designated  by  the  head  of  the  agency  and 
shall  include  any  senior  official  designated  by  the  head  of  the 
agency  as  responsible  for  implementation  of  the  Privacy  Act.  The 
Inspector  General  of  the  agency,  if  any,  shall  be  a  member  of  the 
Board,  but  the  Inspector  General  shall  not  serve  as  chairman  of 
the  Board. 

Paragraph  (3)  sets  forth  the  functions  of  the  Data  Integrity 
Boards.  These  Boards  shall: 

(A)  review,  approve,  and  maintain  all  written  agreements  for 
receipt  or  disclosure  of  agency  records  for  matching  programs 
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to  ensure  compliance  with  subsection  (o),  and  all  relevant  stat- 
utes, regulations,  and  guidelines; 

(B)  review  all  matching  programs  in  which  the  agency  has 
participated  during  the  year,  either  as  a  source  agency  or  re- 
cipient agency,  determine  compliance  with  applicable  laws, 
regulations,  and  agency  agreements,  and  assess  the  cost-bene- 
fits of  such  programs; 

(C)  review  all  recurring  matching  programs  in  which  the 
agency  has  participated  during  the  year,  either  as  a  source 
agency  or  recipient  agency,  for  continued  justification  for  such 
disclosures  and  for  compliance  with  applicable  laws,  regula- 
tions, and  matching  agreements,  and  assess  the  cost-benefits  of 
such  programs; 

(D)  compile  an  annual  report  to  the  head  of  the  agency  and 
the  Office  of  Management  and  Budget  on  the  matching  activi- 
ties of  the  agency,  including  matching  programs  in  which  the 
agency  has  participated  as  a  source  agency  or  recipient  agency; 
matching  agreements  proposed  under  subsection  (o)  that  were 
disapproved  by  the  Board;  and  the  matching  of  records  as  a 
source  agency  or  recipient  agency  under  programs  not  covered 
by  this  section  or  described  in  subparagraphs  (A)  through  (E)  of 
subsection  (a)(8); 

(E)  serve  as  a  clearinghouse  for  receiving  and  providing  in- 
formation on  the  accuracy,  completeness,  and  reliability  of 
records  used  in  matching  programs; 

(F)  provide  interpretation  and  guidance  to  agency  compo- 
nents and  personnel  on  the  requirements  of  this  section  with 
respect  to  matching  programs; 

(G)  review  agency  recordkeeping  and  disposal  policies  and 
practices  with  regard  to  matching  programs  to  assure  compli- 
ance with  this  section;  and 

(H)  review  and  coordinate  privacy  training  programs  for  the 
agency's  personnel. 

Paragraph  (4)  provides  that  each  Board  shall  maintain  such  staff 
as  necessary  to  carry  out  its  functions  under  this  subsection,  in- 
cluding persons  designated  by  the  head  of  the  agency  as  responsi- 
ble for  implementation  of  the  Privacy  Act. 

Paragraph  (5)  directs  OMB  to  file  an  annual  report  with  the  Con- 
gress which  consolidates  the  information  contained  in  the  reports 
from  the  Boards. 

SECTION  5— DEFINITIONS 

This  section  adds  new  definitions  to  the  Privacy  Act. 

"Matching  program"  means  any  computerized  comparison  of  (i) 
two  or  more  automated  systems  of  records  or  a  system  of  records 
with  non-Federal  records  for  the  purpose  of  (I)  establishing  or  veri- 
fying the  eligibility  of,  or  continuing  compliance  with  statutory  and 
regulatory  requirements  by,  applicants  for,  recipients  or  benefici- 
aries of,  participants  in,  or  providers  of  services  with  respect  to, 
cash  or  in-kind  assistance  or  payments  under  Federal  benefits  pro- 
grams, or  (II)  recouping  payments  or  delinquent  debts  under  Feder- 
al benefit  programs,  or  (ii)  two  or  more  automated  Federal  person- 
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nel  or  payroll  systems  of  records  or  a  system  of  Federal  personnel 
or  payroll  records  with  non-federal  records. 

A  matching  program  does  not  include:  (i)  matches  performed  to 
produce  aggregate  statistical  data  without  any  personal  identifiers; 
(ii)  matches  performed  to  support  any  research  or  statistical 
project,  the  specific  data  of  which  may  not  be  used  to  make  deci- 
sions concerning  the  rights,  benefits  or  privileges  of  specific  indi- 
viduals; (iii)  matches  performed  by  a  source  agency  in  which  no 
records  are  matched  outside  the  source  agency,  unless  the  records 
involve  a  comparison  of  the  source  agency's  personnel  or  payroll 
records  with  the  records  of  a  Federal  benefit  program  administered 
by  the  agency;  (iv)  matches  performed  by  an  agency  or  component 
which  performs  as  its  principal  function  any  activity  pertaining  to 
the  enforcement  of  criminal  laws,  subsequent  to  the  initiation  of  a 
specific  law  enforcement  investigation  for  the  purpose  of  gathering 
evidence  against  named  individuals;  (v)  matches  of  tax  information 
pursuant  to  section  6103(d)  of  the  Internal  Revenue  Code  of  1986; 
and  (vi)  matches  performed  to  produce  background  checks  for  secu- 
rity clearances  of  federal  personnel. 

"Recipient  agency' '  means  any  agency,  or  contractor  thereof,  re- 
ceiving records  contained  in  a  system  of  records  from  a  source 
agency  for  use  in  a  matching  program. 

"Non-Federal  entity"  means  any  State  or  local  government,  or 
agency  thereof,  partnership,  corporation,  association,  or  public  or 
private  organization  receiving  records  contained  in  a  system  of 
records  from  a  source  agency  for  use  in  a  matching  program; 

"Source  agency"  means  any  agency  or  any  State  or  local  govern- 
ment, or  agency  thereof,  which  discloses  records  contained  in  a 
system  of  records  to  be  used  in  a  matching  program; 

"Federal  benefit  program"  means  any  program  administered  by 
the  Federal  Government,  or  any  agent  thereof,  providing  cash  or 
in-kind  assistance  in  the  form  of  payments,  grants,  loans,  or  loan 
guarantees  to  individuals. 

"Federal  personnel"  means  officers  and  employees  of  the  Govern- 
ment of  the  United  States,  members  of  the  uniformed  services  (in- 
cluding members  of  the  Reserve  Components),  individuals  entitled 
to  receive  immediate  or  deferred  retirement  benefits  under  any  re- 
tirement program  of  the  Government  of  the  United  States  (includ- 
ing survivor  benefits). 

VI.  Estimated  Cost  of  Legislation 

U.S.  Congress, 
Congressional  Budget  Office, 
Washington,  DC,  September  12,  1988. 

Hon.  John  Glenn, 

Chairman,  Committee  on  Governmental  Affairs, 
U.S.  Senate,  Washington,  DC. 

Dear  Mr.  Chairman:  The  Congressional  Budget  Office  has  re- 
vised its  cost  estimate  for  S.  496,  the  Computer  Matching  and  Pri- 
vacy Protection  Act  of  1987,  as  passed  by  the  Senate,  May  21,  1987. 
This  estimate  supersedes  our  previous  estimate  dated  August  5, 
1988. 
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Based  on  information  provided  by  the  Department  of  Health  and 
Human  Services  (HHS),  the  Department  of  Defense  and  a  Member 
of  other  agencies,  CBO  estimates  that  enacting  this  legislation 
would  result  in  costs  to  the  federal  government  of  up  to  $2  million 
during  the  first  year  after  enactment,  and  less  than  $1  million  an- 
nually thereafter. 

S.  496  would  establish  procedures  to  regulate  the  use  of  computer 
matching  by  federal  agencies  or  by  nonfederal  agencies  with  feder- 
al records.  These  procedures  would  include  preparing  matching 
agreements  with  agencies  when  sharing  data,  providing  the  right 
to  appeal  to  individuals  affected  by  information  obtained  in  a 
match,  and  establishing  data  integrity  boards  to  oversee  matching 
activities. 

Most  of  the  costs  associated  with  the  act  would  result  from  pre- 
paring matching  agreements  required  by  section  2  of  the  act.  Al- 
though agencies  currently  have  agreements  covering  some  match- 
ing activities,  S.  496  would  require  more  extensive  agreements,  and 
would  require  them  for  all  matches.  The  agreements  would  specify 
the  purpose  and  legal  authority  of  the  match,  the  methodology  to 
be  used,  and  expected  results;  they  would  also  include  notification 
and  verification  procedures  for  indiviuals  affected  by  a  match. 

The  magnitude  of  the  first-year  costs  is  difficult  to  predict.  If  ex- 
isting matching  agreements  would  satisfy  the  requirements  of  the 
act,  then  there  would  be  little  additional  cost  to  the  government. 
However,  if  the  existing  agreements  would  need  substantial  addi- 
tional work,  CBO  estimates  that  costs  would  be  around  $1  million 
during  the  first  year  after  enactment.  Costs  in  future  years  would 
be  much  lower,  because  the  agreements  would  probably  need  only 
minor  updating. 

Another  potential  cost  associated  with  enacting  S.  496  would  be 
establishing  data  integrity  boards  required  by  Section  4.  These 
boards  would  oversee  an  agency's  matching  activities,  and  would 
review  the  matching  agreements  required  by  Section  2.  Many  agen- 
cies already  have  some  type  of  formal  or  informal  group  similar  to 
a  data  integrity  board.  Nevertheless,  because  many  agencies  would 
probably  devote  more  time  to  these  activities,  there  would  be  some 
additional  cost  to  the  government,  probably  less  than  $1  million  an- 
nually. 

Section  4  would  also  require  agencies  to  prepare  cost/benefit 
analyses  for  all  proposed  matches,  which  would  be  reviewed  by  the 
data  integrity  boards.  Preparing  these  analyses  would  probably 
result  in  some  additional  costs,  but  they  would  also  discourage 
agencies  from  attempting  some  matches  that  would  not  be  cost  ef- 
fective. CBO  expects  that  these  two  effects  would  probably  offset 
each  other  and,  therefore,  would  result  in  no  significant  costs  or 
savings  to  the  government. 

CBO  does  not  expect  other  sections  of  S.  496  to  have  a  significant 
effect  on  the  federal  budget.  These  sections  would,  among  other 
things,  require  federal  agencies  to  publish  in  the  Federal  Register 
notice  of  matching  programs  with  nonfederal  entities  and  exempt 
matches  formed  for  statistical  or  law  enforcement  purposes  from 
the  act's  requirements. 

Estimated  Cost  to  State  and  Local  Governments.— CBO  expects 
that  enacting  S.  496  would  require  state  and  local  agencies  in- 
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volved  in  computer  matching  with  federal  agencies  to  adopt  some 
new  procedures  to  comply  with  the  verification  and  notification  re- 
quirements of  the  act,  and  to  expand  matching  agreements  with 
federal  agencies.  Based  on  information  provided  by  the  American 
Public  Welfare  Association  and  the  National  Association  of  State 
Information  Systems,  CBO  estimates  that  the  costs  associated  with 
these  activities  would  not  be  significant. 

Previous  CBO  Estimate. — On  August  5,  1988,  CBO  prepared  an 
estimate  for  this  bill.  That  earlier  analysis  discussed  the  potential 
budget  impact  that  would  result  if  programs  in  the  Office  of  Child 
Support  Enforcement  at  the  Department  of  Health  and  Human 
Services  (HHS)  were  covered  by  this  bill.  New  information  provided 
by  HHS  indicates  that  report  language  accompanying  the  bill  is 
sufficient  to  establish  that  these  programs  are  not  covered. 

If  you  wish  further  details  on  this  estimate,  we  will  be  pleased  to 
provide  them.  The  CBO  staff  contact  is  Michael  Sie verts,  who  can 
be  reached  at  226-2860. 
Sincerely, 

James  L.  Blum, 

Acting  Director. 

VII.  Evaluation  of  Regulatory  Impact 

Pursuant  to  the  requirements  of  paragraph  11(b)  of  Rule  XXVI  of 
the  Standing  Rules  of  the  Senate,  the  Committee  has  considered 
the  regulatory  and  paperwork  impact  of  S.  496,  the  Computer 
Matching  and  Privacy  Protection  Act  of  1987. 

S.  496,  as  reported,  requires  federal  agencies  participating  in 
computer  matching  programs,  as  defined  by  the  bill,  to  enter  into 
written  matching  agreements  prior  to  disclosing  records  for  such 
matching  programs.  The  bill  also  establishes  Data  Integrity  Boards, 
within  agencies  participating  in  matching  programs,  to  oversee  and 
coordinate  implementation  of  S.  496.  Finally,  the  bill  establishes 
procedural  safeguards  for  individuals  whose  records  are  matched  in 
programs  covered  by  the  Act. 

While  the  bill  requires  Federal  agencies  to  enter  into  matching 
agreements  prior  to  conducting  or  participating  in  matching  pro- 
grams covered  by  the  bill,  and  requires  agencies  to  establish  proce- 
dures to  verify  information  obtained  from  computer  matching  pro- 
grams, the  Committee  does  not  believe  that  this  will  result  in  any 
additional  regulatory  impact  on  individuals  whose  records  are  used 
in  computer  matching  programs  covered  by  S.  496,  since  such  indi- 
viduals already  would  be  subject  to  the  rules  and  regulations  gov- 
erning the  Federal  benefit  programs  involved  in  the  matching  pro- 
gram. The  Committee  believes  that  this  bill  will  enhance  the  per- 
sonal privacy  rights  of  individuals  whose  records  are  exchanged  in 
matching  programs,  since  S.  496  establishes  procedural  safeguards 
on  the  disclosures  of  records  for  computer  matching  purposes.  The 
Committee  does  not  foresee  any  significant  paperwork  impact  re- 
sulting from  this  legislation. 

VIII.  Changes  in  Existing  Law 

In  compliance  with  paragraph  12  of  rule  XXVI  of  the  Standard 
Rules  of  the  Senate,  changes  in  existing  law  made  by  the  bill,  as 
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reported,  are  shown  as  follows  (existing  law  proposed  to  be  omitted 
is  enclosed  in  black  brackets,  new  matter  is  printed  in  italic,  exist- 
ing law  in  which  no  change  is  proposed  is  shown  in  roman): 

TITLE  5,  UNITED  STATES  CODE 
PART  I— THE  AGENCIES  GENERALLY 

******* 

CHAPTER  5— ADMINISTRATIVE  PROCEDURE 

SUBCHAPTER  II— ADMINISTRATIVE  PROCEDURE 

******* 

§  552a.  Records  maintained  on  individuals 

(a)  Definitions. — For  purposes  of  this  section — 

Q)  *    *  * 

(6)  the  term  "statistical  record' '  means  a  record  in  a  system 
of  records  maintained  for  statistical  research  or  reporting  pur- 
poses only  and  not  used  in  whole  or  in  part  in  making  any  de- 
termination about  an  identifiable  individual,  except  as  provi- 
died  by  section  8  of  title  12;  [and] 

(7)  the  term  '  'routine  use"  means,  with  respect  to  the  disclo- 
sure of  a  record,  the  use  of  such  record  for  a  purpose  which  is 
compatible  with  the  purpose  for  which  it  was  collected [.]; 

(8)  the  term  "matching program" — 

(A)  means  any  computerized  comparison  of— 

(i)  two  or  more  automated  systems  of  records  of  a 
system  of  records  with  non-Federal  records  for  the  pur- 
pose of— 

(I)  establishing  or  verifying  the  eligibility  of  or 
continuing  compliance  with  statutory  and  regula- 
tory requirements,  by  applicants,  recipients,  benefi- 
ciaries, or  participants  for,  or  providers  of  services 
with  respect  to,  financial  assistance  or  payments 
under  Federal  benefit  programs,  or 

(II)  recouping  payments  or  delinquent  debts 
under  such  Federal  benefit  programs,  or 

(ii)  two  or  more  automated  Federal  personnel  or  pay- 
roll systems  of  records  or  a  system  of  Federal  personnel 
or  payroll  records  with  a  set  of  non-Federal  records, 

(B)  but  does  not  include — 

(i)  matches  performed  to  produce  aggregate  statistical 
data  without  any  personal  identifiers; 

(ii)  matches  performed  to  support  any  research  or  sta- 
tistical project,  the  specific  data  of  which  cannot  be 
used  to  make  decisions  concerning  the  rights,  benefits, 
or  privileges  of  specific  individuals; 
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(iii)  matches  performed  by  a  source  agency  in  which 
no  records  are  matched  outside  such  source  agency  or 
any  component  thereof,  unless  those  matches  involve  a 
comparison  of  the  source  agency's  personnel  or  payroll 
records  with  the  records  of  a  Federal  benefit  program 
administered  by  that  agency; 

(iv)  matches  performed  subsequent  to  the  initiation 
of  a  specific  law  enforcement  investigation  by  an 
agency  or  component  thereof  which  performs  as  its 
principal  function  any  activity  pertaining  to  the  en- 
forcement of  criminal  laws,  for  the  purpose  of  gather- 
ing evidence  for  a  prospective  law  enforcement  proceed- 
ing against  named  individuals; 

(v)  matches  of  tax  information  pursuant  to  section 
6103(d)  of  the  Internal  Revenue  Code  of  1986;  or 

(vi)  matches  performed  to  produce  background  checks 
for  security  clearance  of  Federal  personnel; 

(9)  the  term  "recipient  agency"  means  any  agency,  or  contrac- 
tor thereof  receiving  records  contained  in  a  system  of  records 
from  a  source  agency  for  use  in  a  matching  program; 

(10)  the  term  "non-Federal  entity"  means  any  State  or  local 
government,  or  agency  thereof,  partnership,  corporation,  associa- 
tion, or  public  or  private  organization  receiving  records  con- 
tained in  a  system  of  records  from  a  source  agency  for  use  in  a 
matching  program; 

(11)  the  term  "source  agency"  means  any  agency  or  any  State 
or  local  government,  or  agency  thereof,  which  discloses  records 
contained  in  a  system  of  records  to  be  used  in  a  matching  pro- 
gram; 

(12)  the  term  "Federal  benefit  program"  means  any  program 
administered  by  the  Federal  Government,  or  any  agent  thereof, 
providing  cash  or  in-kind  assistance  in  the  form  of  payments, 
grants,  loans,  or  loan  guarantees  to  individuals;  and 

(13)  the  term  "Federal  personnel"  means  officers  and  employ- 
ees of  the  Government  of  the  United  States,  members  of  the  uni- 
formed services  (including  members  of  the  Reserve  Components), 
individuals  entitled  to  receive  immediate  or  deferred  retirement 
benefits  under  any  retirement  program  of  the  Government  of  the 
United  States  (including  survivor  benefits). 

******* 

(b)  Conditions  of  Disclosure. — No  agency  shall  disclose  any 
record  which  is  contained  in  a  system  of  records  by  any  means  of 
communications  to  any  person,  or  to  another  agency,  except  pursu- 
ant to  a  written  request  by,  or  with  the  prior  written  consent  of, 
the  individual  to  whom  the  record  pertains,  unless  disclosure  of  the 

record  would  be — 

*  *  * 

******* 

(11)  pursuant  to  the  order  of  a  court  of  competent  jurisdic- 
tion; [or] 

(12)  to  a  consumer  reporting  agency  in  accordance  with  sec- 
tion 3711(f)  of  title  31  [.J;  or 
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(13)  to  a  recipient  agency  or  non-Federal  matching  entity  pur- 
suant to  a  written  matching  agreement  under  subsection  (o)  of 
this  section. 

******* 

(e)  Agency  Requirements. — Each  agency  that  maintains  a 

system  of  records  shall — 

^■jj  *  *  * 

(10)  establish  appropriate  administrative,  technical,  and 
physical  safeguards  to  ensure  the  security  and  confidentiality 
of  records  and  to  protect  against  any  anticipated  threats  or 
hazards  to  their  security  or  integrity  which  could  result  in  sub- 
stantial harm,  embarrassment,  inconvenience,  or  unfairness  to 
any  individual  on  whom  information  is  maintained;  [and] 

(11)  at  least  30  days  prior  to  publication  of  information  under 
paragraph  4(D)  of  this  subection,  publish  in  the  Federal  Regis- 
ter notice  of  any  new  use  or  intended  use  of  the  information  in 
the  system,  and  provide  an  opportunity  for  interested  persons 
to  submit  written  data,  views,  or  arguments  to  the  agency [.]; 
and 

(12)  if  such  agency  is  a  recipient  agency  or  a  source  agency  in 
a  matching  progam  with  a  non-Federal  matching  entity,  with 
respect  to  any  establishment  or  revision  of  a  matching  program, 
at  least  30  days  prior  to  conducting  such  program,  publish  in 
the  Federal  Register  notice  of  such  establishment  or  revision. 

(b)  Report  to  Congress  and  Office  of  Management  and 
Budget.— 

(1)  In  general. — Subsection  (r)  of  section  552a  of  title  5, 
United  States  Code,  as  redesignated  by  section  2(b)(1)  of  this 
Act,  is  amended  by  striking  out  "system  of  records  "and  insert- 
ing in  lieu  thereof  "system  of  records  or  matching  program". 

(2)  Clerical  amendment. — The  heading  of  such  subsection 
(r)  is  amended  by  inserting  "or  Programs"  after  "Systems". 

******* 

(o)  Matching  Agreements. — Prior  to  disclosing  any  record  which 
is  contained  in  a  system  of  records  to  a  recipient  agency  or  non-Fed- 
eral matching  entity  for  use  in  a  computer  matching  program,  a 
source  agency  and  the  recipient  agency  or  non-Federal  matching 
entity  shall  enter  into  a  written  agreement  specifying — 

(1)  the  justification,  purpose  and  legal  authority  for  conduct- 
ing the  program; 

(2)  a  description  of  the  records  that  will  be  matched,  includ- 
ing each  data  element  that  will  be  used,  the  approximate 
number  of  records  that  will  be  matched,  and  the  projected  start- 
ing and  completion  dates  of  the  matching  program; 

(3)  procedures  for  notifying  upon  application  and  periodically 
thereafter — 

(A)  applicants  for  and  recipients  of  financial  assistance 
or  payments  under  Federal  benefit  programs,  and 

(B)  applicants  for  and  holders  of  positions  as  Federal  per- 
sonnel, that  any  information  provided  by  such  applicants, 
recipients,  and  holders  may  be  subject  to  verification 
through  matching  programs; 
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(4)  procedures  for  verifying  information  produced  in  such 
matching  program  as  required  by  subsection  (p); 

(5)  procedures  for  retention  and  destruction  of  records  created 
by  such  matching  program; 

(6)  procedures  for  ensuring  the  administrative,  technical,  and 
physical  security  of  the  records  matched  and  the  results  of  such 
programs; 

(7)  prohibitions  on  duplication  and  redisclosure  of  records 
provided  by  the  source  agency  within  or  outside  the  recipient 
agency  or  the  non-Federal  matching  entity,  unless  authorized  by 
the  source  agency  with  the  terms  of  the  authorization; 

(8)  procedures  governing  the  use  of  the  records  provided  by  the 
source  agency  for  use  in  a  matching  program  including  proce- 
dures governing  return  to  the  source  agency  or  destruction  of  the 
records  used  in  such  prorgam;  and 

(8)  procedures  governing  the  use  of  the  records  provided  by  the 
source  agency  for  use  in  a  matching  program  including  proce- 
dures governing  return  to  the  source  agency  or  destruction  of  the 
records  used  in  such  program;  and 

(9)  information  on  assessments  that  have  been  made  on  the 
accuracy  of  the  records  that  will  be  used  in  such  matching  pro- 
gram. 

(p)  Verification  and  Opportunity  To  Contest  Findings. — (1) 
In  order  to  protect  any  individual  whose  records  are  used  in  match- 
ing programs,  no  recipient  agency,  non-Federal  matching  entity,  or 
source  agency  may  suspend,  terminate,  reduce,  or  make  a  final 
denial  of  any  financial  assistance  under  a  Federal  benefit  program 
to  such  individual,  or  take  other  adverse  action  against  such  indi- 
vidual as  a  result  of  information  produced  by  such  matching  pro- 
grams, until  such  agency  or  entity  has  independently  verified  such 
information.  Subject  to  the  requirements  of  this  subsection,  such  in- 
dependent verification  may  be  satisfied  by  verification  requirements 
governing  such  Federal  benefit  program. 

(2)  Independent  verification  required  by  paragraph  (1)  shall  in- 
clude verification  of— 

(A)  the  amount  of  the  asset  or  income  involved, 

(B)  whether  such  individual  actually  has  or  had  access  to 
such  asset  or  income  for  such  individual's  own  use,  and 

(C)  the  period  or  periods  when  the  individual  actually  had 
such  asset  or  income. 

(3)  No  recipient  agency,  non-Federal  matching  entity,  or  source 
agency  may  suspend,  terminate,  reduce,  or  make  a  final  denial  of 
any  assistance  under  a  Federal  benefit  program  to  any  individual 
described  in  paragraph  (1),  or  take  other  adverse  action  against  such 
individual  as  a  result  of  information  produced  by  a  matching  pro- 
gram, until  such  individual  has  been  notified  by  such  agency  or 
entity  of  its  findings  and  has  been  given  an  opportunity  to  contest 
such  findings.  Such  opportunity  may  be  satisfied  by  notice,  hearing, 
and  appeal  rights  governing  such  Federal  benefit  program. 

(q)  Sanctions. — Notwithstanding  any  other  provison  of  law,  no 
source  agency  may  disclose  any  record  which  is  contained  in  a 
system  of  records  to  a  recipient  agency  or  non-Federal  matching 
entity  for  a  matching  program  if  such  source  agency  has  reason  to 
believe  that  the  requirements  of  subsection  (p)  and  any  matching 
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agreement  entered  into  pursuant  to  subsection  (o)  are  not  being  met 
by  such  recipient  agency  or  entity. 

[(o)]  (r)  Report  on  New  Systems. — Each  agency  shall  provide 
adequate  advance  notice  to  Congress  and  the  Office  of  Management 
and  Budget  of  any  proposal  to  establish  or  alter  any  system  of 
records  in  order  to  permit  an  evaluation  of  the  probable  or  poten- 
tial effect  of  such  proposal  on  the  privacy  and  other  personal  or 
property  rights  of  individuals  or  the  disclosure  of  information  relat- 
ing to  such  individuals,  and  its  effect  on  the  preservation  of  the 
constitutional  principles  of  federalism  and  separation  of  powers. 

[(p)]  (s)  Annual  Report.— The  President  shall  annually  submit 
to  the  Speaker  of  the  House  of  Representatives  and  the  President 
pro  tempore  of  the  Senate  a  report — 

(1)  describing  the  actions  of  the  Director  of  the  Office  of 
Management  and  Budget  pursuant  to  section  6  of  the  Privacy 
Act  of  1974  during  the  preceding  year; 

(2)  describing  the  exercise  of  individual  rights  of  access  and 
amendment  under  this  section  during  such  year; 

(3)  identifying  changes  in  or  additions  to  systems  of  records; 

(4)  containing  such  other  information  concerning  administra- 
tion of  this  section  as  may  be  necessary  or  useful  to  the  Con- 
gress in  reviewing  the  effectiveness  of  this  section  in  carrying 
out  the  purposes  of  the  Privacy  Act  of  1974. 

[(q)]  (tXX)  Effect  of  Other  Laws. — No  agency  shall  rely  on  any 
exemption  contained  in  section  552  of  this  title  to  withhold  from  an 
individual  any  record  which  is  otherwise  accessible  to  such  individ- 
ual under  the  provisions  of  this  section. 

(2)  No  agency  shall  rely  on  any  exemption  in  this  section  to  with- 
hold from  an  individual  any  record  which  is  otherwise  accessible  to 
such  individual  under  the  provisions  of  section  551  of  this  title. 

(u)  Data  Integrity  Boards. — (1)  Every  agency  conducting  or  par- 
ticipating in  a  matching  program  shall  establish  a  Data  Integrity 
Board  to  oversee  and  coordinate  among  the  various  components  of 
such  agency  the  agency's  implementation  of  this  section. 

(2)  Each  Data  Integrity  Board  shall  consist  of  senior  officials  des- 
ignated by  the  head  of  the  agency,  including  any  senior  official  des- 
ignated by  the  head  of  the  agency  as  responsible  for  implementation 
of  this  section,  and  the  inspector  general  of  the  agency,  if  any.  The 
inspector  general  shall  not  serve  as  a  chairman  of  the  Data  Integri- 
ty Board. 

(3)  Each  Data  Integrity  Board  shall  perform  the  following  func- 
tion: 

(A)  review,  approve,  and  maintain  all  written  agreements  for 
receipt  or  disclosure  of  agency  records  for  matching  programs  to 
ensure  compliance  with  subsection  (o),  and  all  relevant  statutes, 
regulations,  and  guidelines; 

(B)  review  all  matching  programs  in  which  the  agency  has 
participated  during  the  year,  either  as  a  source  agency  or  recipi- 
ent agency,  determine  compliance  with  applicable  laws,  regula- 
tions, and  agency  agreements,  and  assess  the  cost-benefits  of 
such  programs; 

(C)  review  all  recurring  matching  programs  in  which  the 
agency  has  participated  during  the  year,  either  as  a  source 
agency  or  recipient  agency,  for  continued  justification  for  such 
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disclosures  and  for  compliance  with  applicable  laws,  regula- 
tions, and  agency  agreements,  and  assess  the  cost-benefits  of 
such  programs; 

(D)  compile  an  annual  report  to  the  head  of  the  agency  and 
the  Office  of  Management  and  Budget  on  the  matching  activi- 
ties of  the  agency,  including — 

(i)  matching  programs  in  which  the  agency  has  partici- 
pated as  a  source  agency  or  recipient  agency; 

(ii)  matching  agreements  proposed  under  subsection  (o) 
that  were  disapproved  by  the  Board;  and 

(Hi)  the  matching  of  records  as  a  source  agency  or  recipi- 
ent agency  under  programs  not  covered  by  this  section  or 
described  in  subparagraphs  (A)  through  (E)  of  subsection 
(a)(8); 

(E)  serve  as  a  clearinghouse  for  receiving  and  providing  infor- 
mation on  the  accuracy,  completeness,  and  reliability  of  records 
used  in  matching  programs; 

(F)  provide  interpretation  and  guidance  to  agency  components 
and  personnel  on  the  requirements  of  this  section  with  respect 
to  matching  programs; 

(G)  review  agency  recordkeeping  and  disposal  policies  and 
practices  with  regard  to  matching  programs  to  assure  compli- 
ance with  this  section;  and 

(II)  review  and  coordinate  privacy  training  programs  for  the 
agency's  personnel. 

(4)  Each  Data  Integrity  Board  shall  maintain  such  staff  as  neces- 
sary to  carry  out  its  functions  specified  by  this  subsection.  Such 
staff  shall  include  persons  designated  by  the  head  of  the  agency  as 
responsible  for  implementation  of  this  section. 

(5)  The  Director  of  the  Office  of  Management  and  Budget  shall 
annually  consolidate  in  a  report  to  the  Congress  the  information 
contained  in  the  reports  from  the  various  Data  Integrity  Boards 
under  paragraph  (3)(D). 


O 


